The overall impact of cybercrimes are more far reaching than most of us would imagine, a recent study study by Kaspersky Labs shows. In fact the consequences are very personal.
Data breaches lead to senior employees let go
Within Kasperky’s new release we see that worldwide, 42% of businesses experienced at least one data breach in the last 12 months. Given that the average recovery costs from a data-breach is thought to be just south of £1M, this is all very significant. Add to this the expected losses of company reputation, customer privacy, and other assets such as the company’s own intellectual property and confidential information.
This highlights many things, not least that the consequences and responsibility for any serious security breach will reach beyond the IT staff. Amongst employees let go, non-IT executives and senior management were laid off in 29% of small and medium-sized businesses, with 27% let go in larger enterprises.
What Kaspersky has said
In a statement about the devastating impact that data breaches are having, Dmitry Aleshin, vice president of product marketing at Kaspersky Lab said “It can also have a very personal impact on people’s lives, whether they are customers or failed employees, so this is a reminder that cybersecurity has real-life implications and is in fact everyone’s concern … With data now traveling on devices and via the cloud, and with regulations like GDPR becoming enforceable, it’s vital that businesses pay even closer attention to their data protection strategies.” Our feeling is that this should included a major focus on the ‘people side’ of daily operations, known as behavioural security, as this is where most of the ingresses into systems is made.
The GDPR effect
GDPR is adding to the impact of such events, increasing the need for organisations to further reduce the risk of successful attacks. Businesses are now required by law to report data breaches within 72 hours, and to notify the individuals whose data has been compromised. These individuals are then more likely to receive compensation from the breached company. Obviously, along with any imposed fines, this can be hugely expensive and result in a devastating financial impact on the company itself. Added to this is the very public damage caused to the companies reputation.
This awareness enables us to build a picture for the reasons behind management and executive layoffs within the compromised organisations. It begs we ask the question of our own organisations too… “Are we doing enough to mitigate this risk to ourselves?”.
Cybercrime as a business
Europol (The European Union Agency for Law Enforcement Cooperation) have said that the existing cybercrime model is working for the criminals, and that recent developments are less about invention and more about refinement – meaning that attacks are becoming more insidious, harder to detect and hence will continue to succeed.
Cyberattack risk reduction & your organisation
If you are in doubt about the effectiveness of your current cybersecurity provisions, most people would probably advise you taking action straight away, if only to get a snapshot of your current cybersecurity arrangements for future planning. Preparing to keep your business running in the aftermath of a cyberattack seems like a good strategy to me too!