One of the questions that I am sometimes asked is how important cybersecurity really is in terms of its true value for businesses.
“Everyone has already been breached, and there is no privacy anymore,” the question goes. “So why should I spend so much money to protect my data that has already leaked or will probably eventually leak anyway?”
While such a question is fair, appropriate, and powerful, it makes several incorrect assumptions, and it does have an excellent answer.
In terms of the erroneous reasoning, it is important to understand that while there certainly have been many serious data breaches in recent years, the vast majority of sensitive information belonging to both individuals and businesses has not yet been compromised. Consider what data typically leaks during most breaches – databases of usernames and passwords, credit card numbers, etc.; while there certainly are exceptions, in general we do not find that hackers have successfully stolen the full email archives, research and development records, and other extremely sensitive materials belonging to most corporations. Furthermore, new sensitive material is created every day – so even when such data is stolen, data created after the breach (which may also contain information as to the organization’s investigation into the breach as well as how it plans to prevent similar breaches in the future and) may be secure.
Additionally, privacy is not dead – for those who seek it and are willing to forgo certain conveniences, privacy is both alive and well. Of course, privacy is not a black-and-white type of concept either; there are many levels that are possible, and people will arrive at different wants when they weigh the pros and cons of using any privacy-compromising offering or setting.
In terms of actual damage to businesses from data leaks, consider the following:
Cisco’s final 2017 Cybersecurity Report, which provided insights based on threat intelligence gathered by Cisco’s security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs) and other security operations leaders from businesses in 13 countries, found that:
- More than 50% of breached organizations faced public scrutiny after a breach
- 22% of breached organizations lost customers (with almost half of those firms losing more than a fifth of their customer base)
- 29% of breached organizations lost revenue, with more than a third of breached businesses losing more than fifth of their revenue.
- 23% of breached organizations lost business opportunities, with 42% of them losing more than a fifth of such opportunities.
Additionally, some businesses collapse, or suffer devastating, transformative losses, after a breach. A National Cyber Security Alliance study found that a majority of small and medium-sized businesses that are suffer a significant breach go out of business within six months. Even those that do not fail altogether may suffer serious consequences: After the Chinese wind turbine maker, Sinovel Wind Group, allegedly stole copyrighted material and trade secrets from US-based AMSC (formerly American Superconductor), for example, the Chinese firm stopped doing business with AMSC, costing ASMC $800 million in revenue and $1 billion in shareholder equity, and forcing ASMC to let go of 700 employees, approximately half of its workforce.
In short – most sensitive information has not been breached, and protecting it is usually a worthwhile investment.
To learn more about data security, please view the free webcast, Guarding Your Digital Assets, from Microsoft’s Modern Workplace.
This post is sponsored by Microsoft.