Cybersecurity Reports Reveal Consumer Concern & Corporate Harm

Conceptually, most organizations know that security is important. When it comes to making the investment to protect corporate and customer data, though, not all companies have made the commitment to the policies, procedures and technology needed to adopt a truly strong security posture. But two new studies were recently released that should have companies taking a long, hard look at security.

The Recent Statistics

Cisco released the 2017 edition of its annual Cybersecurity Report. Here are a few key takeaways that should have organizations very concerned:

• 49% of organizations dealt with public scrutiny resulting from a security breach
• The top functions affected by security breaches are Operations (36%), Finances (30%) and Brand Reputation and Customer Retention (both with 26%)
• 23% have experienced opportunity loss driven by a security breach
• 29% have experienced revenue loss
• 22% lost customers as the result of a breach (39% of those organizations report losing 20% or more of their customers)

Meanwhile, IDC released a special report looking at U.S. consumer sentiment and opinions regarding data security and privacy. This poll held even more bad news for organizations that struggle with security.

• 84% of U.S. consumers say they are concerned about the privacy of their personal information
• 70% are more concerned today than they were in the past
• More than 50% of consumers say they are willing to switch service providers if they feel their personal information isn’t well protected or is threatened
• If a data breach does affect them personally, 78% of consumers say they would switch away from that service provider

The Chance of a Security Breach

Though cybersecurity has been a topic of discussion for years now, it’s important to not get desensitized to the threat – because it’s growing. The year 2015 saw the second most U.S. data breaches since the Identity Theft Resource Center started tracking the metric. A year later, 2016 set a new all-time record, seeing a 40% year-over-year increase in data breaches. Breaches within the business sector dominated, accounting for 45% of incidents, followed by healthcare/medical breaches (34%).

Hackers aren’t the only threat either. Employee mishandling of data (whether malicious or unintentional) can result in security breaches and compromised data as well. For instance, a recently discovered data breach within the healthcare industry was the result of “highly confidential information [having] been accessed and copied onto a flash drive without authorization,” as reported by the HIPAA Journal. That flash drive was subsequently “allegedly lost,” further exposing the sensitive data to unauthorized access. In fact, 46% of major personal health information (PHI) related breaches in 2016 were the result of unauthorized access/disclosure or loss, both categories generally dominated by employee mistakes.

It’s Time to Act

The trends in breach incidents, coupled with clear consumer concern and dire business ramifications make it clear: cybersecurity can no longer be ignored, postponed until later or approached with a “wait and see” or “good enough for now” mentality.

“Security teams who believe they will dodge this bullet are ignoring the reality of the data. … Given the attackers’ range of ability and tactics, the question isn’t if a security breach will happen, but when.” – Cisco 2017 Annual Cybersecurity Report

Strong policies and consistent employee training are important components of a security program, but organizations need to consider taking a stronger stance, including physically baring certain high-risk desktop functions and ensuring all data is encrypted and secure at all points of access, transmission and storage.

Storing sensitive data on endpoint devices or allowing employees (including third party contractors) the ability to mishandle information by copying/pasting, saving to external drives or cloud locations, printing, etc. are going to lead to ever increasing threats and a higher chance of a high-profile breach. The public is increasingly aware of these threats – and increasingly unwilling to do business with organizations that aren’t taking proactive steps to guard their data. While organizations shore up their internal approaches to security, they need to heavily consider outsourced vendors who also make security a top priority and help solve the security problem.

Learn how Dizzion can help address endpoint and end user vulnerabilities with desktop security and controls.