You suffer an online attack and your data is compromised; it’s pretty bad. Maybe you didn’t have the proper precautions, and you get fined too. That isn’t exactly a whole heap of fun. But – and I hate to bear bad news of a Monday – the worst part of a cyber attack, argues Information Commissioner Christopher Graham, is the bit that comes after that; because a good reputation is priceless, hard to build up, and very easy to lose.
Businesses should probably listen up, because this man has got the power – he can hit them with a fine of up to £500,000 if they step outside UK data protection laws. A couple of weeks ago he told BBC 5 Live’s Breakfast programme that the real damage of a breach is done to a brand’s image, so they must make sure they’re protecting themselves, and their customers’ data: “[Online data breaches are] going to go on and on and on until businesses wake up and realise that personal information is not their play thing.”
He explains: “It’s our information, it needs to be protected and the brands that get it wrong will trash their reputation – that’s the real threat for the eBay’s and the Sony’s of this world… [Civil monetary penalties are] not the real hit. The real hit is reputation, the real hit is the brand.”
His comments follow eBay’s massive attack last week; which was was pretty embarrassing, took them ages to rectify, and forced them to email all their customers telling them to change their passwords. Aw-kward. Graham said there wouldn’t be any decision about penalising eBay until a full investigation takes place; but he’s mentioned Sony’s £250,000 fine, so that’s not looking unlikely in this instance too.
A recent IBM survey looked at over 2,300 business continuity specialists and IT security practitioners, spanning 20 industries and 37 countries. Participants were asked to look at a list of six common threats and six common categories of costs. Human error came out as the number one most likely common threat, but reputation and brand damage was identified as the ‘single largest potential cost’. And it’s not surprising. With the eruption of social media, and the increasing demand for transparency, nowadays there’s nowhere for a bad reputation to hide. And whilst that’s fine for rock stars, it’s a killer for businesses.
Part of the problem is lack of awareness; the study also found that around two-thirds of those surveyed reckoned their leaders didn’t realise that disruptions could cause knock-on damage to their reputation and brand image.
But even worse, is that sometimes when businesses do realise the consequences, it stops them reporting breaches. A report by the Office of Cyber Security and Information Assurance (OCSIA), looking more closely at the cost of cyber crime in the UK, found that the “potential for reputational damage is inhibiting the reporting of cyber crime”. Labour shadow defence secretary Vernon Coaker is trying to stop this, and called for the next strategic review of defence policy to put more focus on the growing threats of cyber-crime. This would also mean that businesses that are victims of cyber-crime have to disclose breaches; providing the opportunity to learn from the mistakes of others, and helping customers to know where they stand.
So, leave bad reputations to the rock stars, and keep yours intact by having a strong security strategy (even if only because ALLITERATION!). If you have any worries about the security of your solution with UKFast, give us a call on 0208 045 4945 or contact your account manager.