Business Credibility: The True Cost of a Data Breach

Over the last two decades, cybersecurity has grown ever more important for businesses around the world. With new tools and techniques being developed every year by hackers, the list of risks posed to any business – large or small – is continually growing longer and more daunting.

A lot of the time, this can cause damage beyond repair. Take MyBizHomepage, for instance. At one point, this online company was valued at $100 million, but after a targeted cyber-attack, the company’s board had to completely take the site down. Nirvanix is another company that once had a strong customer base, but in the space of six weeks, they were demanding customers to quickly remove their data, and closed down not too much later.

But, while it’s big businesses that make the front page, it’s actually the SMEs that are the most vulnerable to cyber-attacks.

According to a recent study, nearly 43% of cyber threats are targeted at small businesses, and only 14% of those SMEs are well equipped to face such attacks.

Over the next five years, SME attacks are also projected to increase by 15%, and with 60% of companies going out of business within 6 months of an attack, this should serve as a big warning sign for any SME operating without being prepared.

How Data Protection Ties Into Business Credibility

With small businesses in mind, it’s worth saying that not every business closes due to the attack itself, but rather the wider consequences it has on the company’s reputation.

In 2023, the average consumer knows a lot more about data protection than they once did. After the GDPR came into force back in 2018, a lot of new information was circling the internet, with users first realizing the true scope of data exploitation online – and, shortly thereafter, how to secure and reduce their digital footprint, remove data from Google, and take back control over their presence online.

With this information in mind, consumers began expecting better from businesses, especially when it comes to how their data is handled and what it is used for.

If a company is breached, and that data is made vulnerable, the reputation of that company is forever tarnished. According to recent statistics, 55% of people would be less likely to do business with companies that had been breached, and this is a number that small businesses cannot afford to lose.

Small Business Data Breaches in 2022

2022 set a bleak record for the number of cyber attacks targeting small and medium sized businesses. Over 43% of all cyber attacks last year were aimed directly at SMEs, representing a 15% increase over previous years. The expansion of remote and hybrid work models has created new vulnerabilities that hackers are exploiting at an alarming rate.

Some of the most high-profile SME breaches in 2022 include:

• AI Insurance - This UK-based insurtech startup suffered a data breach exposing sensitive customer information like driver's licenses, passports, and policy documents. Over 17,000 customers were impacted. The startup was forced to cease operations less than a year after launch.
• Suprema - A biometric security company had a server misconfiguration that exposed over 1 million customer records. The records contained fingerprint data, facial recognition patterns, and other highly sensitive personal information.
• Click2Gov - Hundreds of local government payment portals run by Superion LLC were compromised by a vulnerability that exposed credit card numbers, bank account details, and other financial information. Over 300 municipalities were impacted.

These are just a few examples that highlight the expanding attack surface and escalating consequences tied to SME data breaches. The risks extend far beyond just data loss - they can completely destroy companies.

Long Term Impacts on Business Viability

The harsh reality is that over 60% of small to medium businesses are forced to close their doors permanently within 6 months of suffering a data breach. The reasons behind these closures extend far beyond just the immediate impacts of the cyber attack itself. There are longer term consequences that slowly erode business viability over time.

Loss of Customers and Revenue

An alarming 67% of customers indicate they would switch providers/vendors immediately if their data was compromised. The loss of business is massive, and many small operations simply can't absorb or recover from that kind of sudden revenue hit. Acquiring new customers is exponentially more expensive than retaining existing ones - most SMEs lack the marketing budget to rebound.

Brand and Reputation Damage

News of a company's security shortcomings spreads fast, especially in the digital age. Today's consumers are highly aware of privacy risks and news of a breach can destroy public trust almost instantly. SRU research indicates at least 55% of consumers take a company's security reputation into account when making purchasing decisions. That's a massive chunk of the market that small businesses may never get back.

Leadership Distraction

Cyber attacks demand an immediate emergency response from company leaders. Often the CEO, CTO, and other executives need to divert a massive amount of time and resources to coordinate technical teams, manage communications, and begin remediation efforts. Many small business leaders wear multiple hats out of necessity - dealing with a breach can completely distract them from critical revenue-driving priorities.

Financial Costs and Fines

The hard costs of investigation, remediation, legal counsel, credit monitoring services, and other breach-related expenses often run into the millions of dollars even for small companies. Cyber insurance policies help defray some costs but they can still be financially crippling. Regulatory fines also add up fast, especially with expansions to state and federal laws. The average cost per lost record in 2022 was $170.

The risks posed by lax cybersecurity extend far beyond just the initial data theft itself. Breaches can trigger a downward spiral that slowly erodes a company's finances, customer base, leadership focus, and viability over time.

How To Embrace This New Landscape

For small businesses operating today, the outlook may look a little bleak. But actually, there is an opportunity here.

Instead of treating cyber threats as a burden, businesses can take advantage of an opportunity to rise above the competition. As mentioned before, data privacy is now widely understood and sought after by consumers, and with 53% of them more likely to do business with brands that practice transparency, this is a chance to elevate cybersecurity and demonstrate that commitment transparently.

This can be done in just a few key ways:

• Invest in a strong cybersecurity program - As discussed, hackers are always finding new ways to attack businesses, so it is important to stay ahead of the game and protect yourself with the latest tech and strategies.
• Clarify these cybersecurity policies with your customers - Tell them directly what you are doing to protect their data and protect the company itself from breaches.
• Remain communicative about how you are evolving, and give customers easy access to reach you.
• Tell your story- If you want customers to stay loyal – even if the worst happens – then they are more likely to do so if they feel like they know your brand and are invested in your story. This will build a relationship between you and the consumer that is hard to destroy.