Studies suggest that in 2016, hackers stole an estimated $1 billion using ransomware. This translates into a cost of around £75,000 per small business. Without a doubt, the need for robust IT security has never been greater.
There are many simple ways to improve your security posture: firewalls, external servers and cloud back-ups can stop hackers in their tracks. Above all, it's important to keep the best tools on hand as hackers techniques become more advanced.
Businesses should realise that their IT security is more than just a tool; it’s a growth driver and a source of competitive advantage too. In fact, research by Cisco has found that the value of cybersecurity is more than US$7 trillion. Furthermore, a survey of over one thousand senior executives and IT specialists found that:
- 71 per cent of executives claim that concerns over cybersecurity impede innovation;
- 30 per cent view cybersecurity as growth enablement; and
- 44 per cent view it as a competitive
Approaching IT security as a business issue will enable you to use your cybersecurity posture as a mechanism for growth. How? By:
- Investing in security
- Embedding compliance into business processes
- Differentiating yourself using security processes and protections
Investing in security
Before anything else, preparation is the key to success – Alexander Graham Bell
Although investing in security may seem expensive, when viewed as a cost prevention measure it is worth it. The costs of a data breach can be huge. In 2016, more than half of companies that experience a breach faced public scrutiny. Operations and finance systems were most affected. Damage to brand reputation and customer retention closely followed. Organisations that suffered an attack felt substantial effects:
- 22 percent of breached organisations lost customers, with 40 percent of them losing more than a fifth of their customer base.
- 29 percent suffered lost revenue, with 38 percent of that group losing more than 20 percent of revenue.
- 23 percent of breached organisations lost business opportunities, with 42 percent of them losing more than a fifth of opportunities.
According to the Ponemon Institute, the global average cost of a data breach is US$158 per stolen file or record. The total cost of a data breach, on average, is US$4 million. Can you afford that?
When a breach occurs there are some obvious remediation costs on top of any money stolen. However, a breach can cost businesses in ways that aren’t immediately apparent:
- Fines and legal penalties may apply if hackers manage to breach your website. Loss of customer data can lead to fines of up to £500,000 under the Data Protection Act 1998. This should be a serious concern for businesses as there were 21 fines totalling more than £2m in 2016 alone. In 2018, this ceiling will increase to €20m or 4 per cent of total turnover with the introduction of the European Union’s General Data Protection Regulation. Despite Brexit, the UK government has confirmed that it will implement the GDPR. This means businesses in the UK must be compliant by 25 May 2018.
- Sales disruption – Your business loses customers when your website is down. In 2015, network outages resulted in companies losing an average of £54,750 annually.
With a bit of foresight and preparation, you can minimise the costs of a data breach or other security incident. The cost of robust IT security can vary, but it’s always going to be worth it.
Embed compliance into business processes
Data matters now more than ever before. It guides business decisions and strategy, shapes customer journeys and generally impacts how we live and work. But while you can have all the information in the world, it’s next to useless if you don’t know how to analyse it. It’s much more important to be data-informed than data-rich.
It’s also important to be secure and smart when it comes to data, and this is why having a solid and compliant data management plan is critical for growth. Your data is the most valuable asset you have: if it’s compromised you’ll not only face legal and financial penalties, but you’ll lose your competitive edge.
There are standards and practices set by governments and industry bodies, such as ISO 27001, which govern the use and handling of data. These provide ‘a model for establishing, implementing…and improving an information security management system.’ These guidelines can shape your IT security policy and embed compliance into your business processes, ensuring that you are being proactive in protecting both your customers and your own data.
To facilitate growth, you must be aware of what compliance requires and build these measures into your processes. Embedding compliance into your business processes can help you grow in the following ways:
- Increased transparency – Your business can become more efficient through easily traceable audit trials. This also ensures accountability within your business. Your systems will have a record of which employee carried out an action and when they did it.
- Increased client confidence – You can increase client confidence by showing that you follow best practice beyond the bare minimum. This can reassure new and existing clients of your capabilities and commitment to privacy.
- Process optimisation – Standardising through compliance can make it easy to optimise IT processes. Doing so delivers value through better IT delivery and faster, more integrated services.
- Reduction of potential penalties – You can reduce the risk of legal penalties and fines.
- Decrease in security incidents – With proper staff training you can reduce your security risk. This includes teaching staff about malware, email phishing schemes and other viruses. In doing so, you can avoid downtime, potential penalties or blackmail via ransomware.
These days, consumers are more attracted to businesses that are compliant. They are more aware of the value of their information than ever before. They only want to give it to a company that they can trust. By becoming ISO certified and compliant, you’re showing customers that you are worthy of that trust.
Security processes and protections set a business apart
One third of consumers will shop elsewhere if their retailer of choice suffers a cyberattack and forty percent of consumers said that trust in an organisation was the most important factor when deciding to give away their personal information. More than any time in history, privacy matters.
The way businesses act directly affects how consumers view them. Without proper security, organisational growth can be severely reduced or halted altogether.
- Brand and reputational damage – This is hard to quantify, but your business’s reputation has a dollar value. If damaged, it can spell disaster. For example, in a survey conducted by OnePoll, over 86 per cent of consumers said they wouldn’t do business with an organisation which suffered a breach that exposed credit/debit card details. And although experts believe that businesses can mitigate the costs of brand damage with a proper breach response, your focus should still be on preventative security. It’s better to be safe than sorry.
- Traffic loss – To ensure that they offer the best service, Google regularly checks websites for evidence of malware or breaches. If they find a compromised site it is ‘blacklisted’. This means that your site loses its ranking on Google, reducing the number of visitors. Businesses can have this fixed, but at a cost.
One of the most infamous cyber-attacks in the past few years was against Ashley Madison. In 2015, the infamous infidelity dating site suffered a catastrophic data breach. This resulted in the leaking of private user information. Not only did this ruin the reputation and lives of many users, but the parent company Avid Life Media lost more than a quarter of its revenue as people abandoned their services.
IT security as a business issue: the first cut is the deepest, so protect your assets
Sixty-nine percent of businesses say that cyber-security is a high priority for them but only 51 percent have taken recommended actions to identify and eliminate cyber-threats. This is despite the fact that more than a quarter of SMEs would go out of business if hacked.
As the Ashley Madison incident shows, a single slip-up in security can deliver a catastrophic blow to a business’s growth. The reparation and punitive costs of a breach can be devastating to a business, particularly a small one. With some foresight and preparation you can protect your business can and your assets through investment in security products and compliant processes. By improving your cybersecurity posture you will reduce the risk of a costly cyberattack, and you’ll have created a new source of competitive advantage.