A recent survey by Ping Identity shows that customers move away from brands that have suffered data breaches.
Data breaches are now a common occurrence – big-name brands affected in 2018 include FIFA, British Airways, Vision Direct, Eurostar and Marriott. These are just a few of the household names that have suffered at the hands of criminal hackers this year and are under investigation; any penalties are yet to be confirmed.
It is essential for organisations of all types and sizes to do their absolute best to reduce the risks of a data breach. Not just because regulations and standards such as the GDPR (General Data Protection Regulation) and PCI DSS (Payment Card Industry Data Security Standard) demand it, not just because of the impact a breach has on daily operations, but because there is statistical proof that customers will abandon brands that suffer a breach.
The risk of long-term reputational damage cannot be ignored.
The report’s key findings
Ping Identity surveyed more than 3,000 consumers from France, Germany, the UK and the US to examine attitudes and behaviour in a post-breach era. Its report states the following key findings:
- One in five people (21%) have been the victim of a breach. Of those 34% experienced financial loss.
- Following a data breach, 78% of people would stop engaging with a brand online. Furthermore, nearly half (49%) would not sign up and use an online service or application that recently experienced a data breach.
- 59% prioritise the protection of their personal information when interacting with an online application or service, compared to only 12% who prioritise a convenient, straightforward user experience, and 7% who prioritise a personalised user interface.
- However, more than half of consumers (56%) are not willing to pay anything to application or online service providers for added security to protect their personal information.
Although consumers are increasingly aware of risks and prioritise safety when choosing which platforms to interact with, the final finding highlights the fact that they still consider information security a corporate responsibility rather than a personal one.
How can organisations reduce the risk?
- Understand, align with and operate within the regulatory requirements of your industry. Whether that is the GDPR, PCI DSS, Cyber Essentials or the NIS (Network and Information Systems) Regulations, compliance with regulatory frameworks will ensure you take the best steps to reduce and enable you to respond effectively if you do suffer a breach.
- Train your staff. Human error remains a leading cause of data breaches, so creating a cyber security culture in the workplace is the best defensive strategy. Training can be classroom-based, but there are other options such as e-learning, in-house training courses, and – of course – books for independent learning.
- Remain vigilant at all times. Within the realm of cyber security, being a little paranoid is a healthy approach. No one is too big (as seen from the organisations that have recently hit the headlines), nor too small. A 2018 survey revealed that SMEs (small and medium-sized enterprises) are unprepared for cyber attacks, despite 25% of them believing breaches are a matter of ‘when’, not ‘if’. The average cost for an SME to recover from an incident is about £90,000, so small organisations should invest in security measures to reduce risks.
Gartner predicts that global security spend will reach $96 billion (about £76 billion) by the end of the year due to four factors: regulatory change, buyers’ mindset, growing awareness of threats and changing to a digital business strategy. With more than 40% of UK businesses experiencing some form of cyber security attack or data breach in the past 12 months, it’s easy to see why organisations are looking to invest. However, when building your business case for investment, don’t forget to consider the potential long-term damage a breach could cause to your brand and the human instinct to withdraw from danger. No organisation can easily survive losing 78% of its potential audience.
How Vigilant Software can help
Vigilant Software aims to make data protection, cyber security, information security and risk management straightforward and affordable for all. Drawing on our years of experience developing and deploying risk management tools and services, our products reduce the complexity of your implementation project.
Our easy-to-integrate, Cloud-based tools – vsRisk Cloud, the Data Flow Mapping Tool, the DPIA Tool and Compliance Manager – help you identify your legal requirements, understand the data you process and conduct information security risk assessments in line with international best practice.
Suitable for organisations of all sizes, vsRisk Cloud is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessments, and helps protect your organisation from the penalties and financial losses associated with data breaches.
The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.
The DPIA Tool walks customers through the six steps they must complete as part of a DPIA (data protection impact assessment). The tool also helps you determine quickly whether a DPIA is required, and that you ask all the right questions.
Avoid spending significant time and money researching relevant laws and regulations for your organisation with Compliance Manager. This software makes it easy to identify your legal and regulatory information security requirements.
Find out more
To learn more about our range of tools and protecting your organisation from a data breach, watch our short introductory videos: vsRisk Cloud, the Data Flow Mapping Tool, the DPIA Tool and Compliance Manager.
To request a demo of any of our tools, please click here.