In an increasingly digitalized and interconnected world, the rise in cyber-attacks and data breaches has thrust organizations and government agencies into the spotlight.
While organizations may portray themselves as “victims” of cybercrime, stakeholders, partners, employees, and public opinion may view them as having failed in their duty to adequately safeguard their valuable assets and data.
Amidst the myriad of exogenous and endogenous factors that can trigger a crisis, security and data breach concerns have now ascended to the forefront of governments and corporations boards’ agendas.
The four major risks that organizations fear are:
- Financial risk and cash flow control
- Risk to customer/employee personal data and the consequent legal implications
- Risk of service and operations interruption
- Reputation risk
These risks are intertwined, creating a chain reaction with significant implications.
A Forbes Insights Report, in collaboration with IBM, indicated that almost half of all organisations, 46 percent, experienced reputation and brand damage due to a security breach. Additionally, 19 percent had suffered from reputational damage, caused by third-party security breach or IT system failure.
And the financial impact by cost category is the following :
- 29 % Reputation and brand damage
- 21 % Lost of productivity
- 19% Lost revenue
- 12 % Forensics
- 10% Technical support
- 8% Compliance/regulatory
However, the true impact of cyberattacks extends beyond financial metrics, including difficult-to-quantify factors such as credibility loss, diminished client confidence, and eroded trust among employees and partners.
Only organizations that have faced major cyber attacks can truly testify to the enduring damage suffered over the medium and long term.
So, how can organizations avoid making headlines and reduce costs in the event of a cyber attack?
An organization undergoing a cyber attack has 3 deadly enemies:
- The lack of time
- The lack of internal coordination
- The lack of technical and professional knowledge
And 3 friends:
- Cybersecurity culture, beyond awareness
- Business centric crises process and response plans
- Top technologies and trained teams
Within the PPT Framework – People, Process, Technology – the most valuable assets in organizations are its people, particularly in the execution of critical tasks. Employees now handle more sensitive data than ever before.
Following a 2020 study co-published with Professor Jeff Hancock from Stanford University, “Understand the mistakes that compromise your company’s security”, security company Tessian review in 2022 their first figures, after the pandemic era :
- Phishing email : 52% clicked because it looked as though it had come from a senior executive at the company, unlike 41% in 2020;
- Lost of a customer or a client due to an employee sending an email to the wrong person: 29% in 2022, up compared to 20% in 2020;
- Scam via text message : 56% of employees have received a scam via text message, and 32% complied with the request in the scam messages
Education and tailored cyber awareness plans reduce the incidents, protect the reputation and transforme the employees into genuine human firewalls.
But if an unexpected occurs and the crisis is triggered, corporate and operational communication should be considered business as usual. Proactive and informative communication delivered on time is the key to take appropriate response.
Please don’t hesitate to reach out to us for assistance in mitigating cyber risks and enhancing the security of your agency.
