Cyber security breach ‘costs businesses 20% of revenue’

The cost of a cyber security breach is a topic we’ve covered before here at Barclay Simpson, but new research suggests that particularly serious incidents could now be more damaging than ever before.

 

Cisco’s 2017 Annual Cybersecurity Report (ACR) revealed over one-third of global businesses that suffered a breach last year claimed it lost them 20 per cent or more in revenues. In fact, 38 per cent of organisations that saw turnover decline following an incident said losses exceeded 20 per cent.

 

But the direct financial impact is just the tip of the iceberg for many organisations. According to the report, 22 per cent of breached companies said they also lost customers, with 40 per cent seeing more than 20 per cent of their business slip away.

 

Moreover, 23 per cent said they had missed out on business opportunities, with 42 per cent of these arguing that they’d lost 20 per cent of prospective projects.

 

“In 2017, cyber is business, and business is cyber – that requires a different conversation and very different outcomes,” John Stewart, senior-vice president and chief security and trust officer at Cisco.

 

“Relentless improvement is required and that should be measured via efficacy, cost, and well-managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture.”

 

But what threats are causing the biggest problems? And how can organisations protect themselves against breaches?

Tackling cyber security issues

The ACR report, which surveyed 3,000 chief security officers (CSOs) across 13 countries, claimed skills shortages and poor compatibility of IT systems were the biggest problems they face, along with ongoing budget restraints.

 

Our own research last year showed UK recruitment spending remained somewhat stable for security, with 33 per cent of departments reporting rises, but this was notably down from 41 per cent in 2015.

 

Cisco also found that nearly two-thirds of security teams are using between six and 50+ products to help them protect against breaches. However, the rising complexity of these environments can create security effectiveness gaps.

 

Criminals appear to be favouring traditional attacks as we settle into 2017, with adware and spam becoming popular again. Data showed that almost 65 per cent of all emails are spam, of which up to ten per cent are malicious.

 

Nevertheless, a number of new threats have emerged over the last year. Cisco confirmed that hacking became more “corporate” in 2016, with attacks often mimicking business structures.

 

For example, malvertising campaigns began using ‘gates’ or ‘brokers’ to act as middle managers that could mask criminal behaviour. Cloud computing has also created considerable risks, particularly from third-party apps that employees have introduced.

 

Clearly, organisations will need comprehensive security measures in place as they try to stay ahead of new and innovative threats from increasingly sophisticated cyber criminals.

 

Companies could otherwise find they lose one-fifth of their revenues, business opportunities and customer base from just a single serious breach.

 

Our 2016 Compensation and Market Trends Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.

 

Image: Kirill_Savenko via iStock