Data breaches are costing businesses 20pc of their customer base

1 Feb 2017

Businesses that succumb to a data breach can end up losing up to 20pc of their customer base, according to the Cisco 2017 Annual Cybersecurity Report.

Now in its 10th year, the Cisco Annual Cybersecurity Report found that over one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20pc.

The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries.

It found that budget constraints, incompatible systems and complex IT environments – using anything between six and 50 software security products – are stymieing the responsiveness of CSOs to threats.

But the biggest barrier to defence is a lack of trained talent.

In the midst of this, criminals are leading a resurgence of ‘classic’ attack vectors, such as adware and email spam, the latter at levels not seen since 2010.

Spam accounts for nearly two-thirds (65pc) of email, with eight to 10pc cited as malicious.

Global spam volume is rising, often spread by large and thriving botnets.

Financial impact of data breaches

The report found that more than 50pc of organisations faced public scrutiny after a security breach.

Operations and finance systems were the most affected, followed by brand reputation and customer retention.

Crucially, it found that the effect of attacks was substantial; 22pc of breached organisations lost customers, and 40pc of them lost more than 20pc of their customer base.

It also found that 29pc of firms lost revenue, with 38pc of that group losing more than 20pc of revenue.

About 23pc of breached organisations lost business opportunities, with 42pc losing more than 2pc.

“In 2017, cyber is business, and business is cyber – that requires a different conversation, and very different outcomes,” said John Stewart, chief security and trust officer at Cisco.

“Relentless improvement is required and that should be measured via efficacy, cost and well-managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture.”

The rise of the corporate hacker

Hackers are becoming increasingly corporate and are attempting to mirror the middle management structure of their corporate targets.

Certain ‘malvertising’ campaigns employed brokers or ‘gates’ that act as middle managers, masking malicious activity.

But there is no escaping the reality that employees are still the weakest link in the chain. 27pc of apps introduced by employees to increase efficiency or sales were found to be high-risk and created significant security concerns.

Old-fashioned adware – software that downloads advertising without user permission – continued to prove successful, infecting 75pc of organisations investigated.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years