Superficially, it sounds like the correct way to think about the issue: up to 63% of C-Suite leaders are more concerned about data breaches than about losing customers as a result of the breaches. Surely a good sign, putting the security of data first? Yes, in one way, it is a very good thing as it means the company takes its data responsibilities seriously and is aware of the rigours of the soon-to-be-introduced GDPR data regulation scheme.
However, this does mean that business leaders are disregarding medium and long-term effects of such breaches on the customer base: only 16% said they were concerned that they would lose customers as a result of a data breach and only 11% of executives said they were concerned about their business’ reputation after a breach.
While 47% – almost half – worried about disruption to the business, these concerns did not go as far as worrying that the effect on the company could prove terminal, and the above-mentioned 63% were more inclined to mention the costs of investigation, repair (both fixing the company structures that allowed the breach and restoring customer confidence), and legal fees than the possibly haemorrhagic effect on a customer list.
Perhaps equally concerning, the study that arrived at these conclusions – taken from a pool of 800 senior managers, executives and directors – found that there was confusion throughout the company hierarchy as to what, exactly, constituted a cybersecurity risk and how to put structures and processes in place to prevent the loss or risk of data being compromised.
As many as 44% – again, nearly half! – of the respondents believe malware to be an IT system’s biggest threat, rather than weak passwords, which only come in at 24%, or identity theft (29%). This is despite the fact that only 11% of data breaches were caused by malware, with almost twice as many cases each caused by weak password systems and by identity compromise.
However, there is hope for the business world, as long as robust systems are immediately put into place to ensure the proper choosing and maintenance of strong passwords, which are changed often; to implement and enforce sensible data storage processes (no files left visible in areas where strangers can wander); and to keep confidential areas monitored for strangers being in rooms to which they should have no access. IT security courses that teach all these skills and how to implement robust and bypass-free systems are readily available from reputable companies.