Both small and large businesses are continuing to fall victim to data breaches, with two types being particularly dangerous.
Spam and adware are more than just a nuisance. To business owners, they’re lethal.
Organizations continue to suffer from severe damages due to data breaches, according to Cisco’s 2017 report, Chief Security Officers Reveal True Cost of Breaches And The Actions That Organizations Are Taking.
The report found that more than 50 percent of organizations faced public scrutiny after a security breach, with operations and finance systems being the most affected. Data breaches also had an impact on brand reputation and customer retention.
For organizations that suffered a breach, damages included customer loss (22 percent), revenue loss (29 percent), and loss of business opportunities (23 percent). Among that group, there were some severe outcomes, too: 40 percent lost more than a fifth of their customer base, 38 percent lost more than a fifth of their revenue, and 42 percent lost more than a fifth of their business opportunities.
Spam was one of the most prevalent and dangerous culprits, reaching a damaging level not seen since 2010. Spam accounts for nearly two-thirds of all emails, with eight to 10 percent of them being malicious.
Another main cause is old-fashioned adware, which infected 75 percent of organizations polled.
“In 2017, cyber is business, and business is cyber—that requires a different conversation, and very different outcomes,” said John N. Stewart, Cisco’s senior vice president, chief security and trust officer. “Relentless improvement is required and that should be measured via efficacy, cost, and well-managed risk.”
However, there is some good news. Of organizations that suffered a breach, 90 percent are improving their cyber threat defense technologies and processes after attacks. This involves separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).
Organizations and businesses aren’t the only ones aiming to make a difference. In September 2016, the House passed the Improving Small Business Cyber Security Act, “which aims to provide small businesses with cybersecurity awareness and training programs through the Small Business Administration’s small business development centers,” according to NFIB.