The Other Cost of a Breach: Trust | NAWBO

NAWBO Blog

The Other Cost of a Breach: Trust

 

In today’s digital world, earning and maintaining trust is more complex than ever. In just a few short minutes, a cyber security breach of employee or customer personal data can undo trust that has taken years to build—not to mention the financial cost of dealing with and recovering from a serious breach. That’s why cyber security is such a critical issue right now for businesses of all industries and sizes, and why this issue of NAWBO ONE is dedicated to the topic.

Stories of companies and organizations that have faced breaches are everywhere and growing. Earlier this year, the U.S. Department of Justice (DOJ) indicted nine hackers over an alleged spree of attacks on more than 300 universities in the United States and abroad. The suspects were charged with infiltrating 144 U.S. universities, 176 universities in 21 other countries, 47 private companies and other targets like the United Nations, U.S. Federal Energy Regulatory Commission and states of Hawaii and Indiana. The hackers allegedly stole 31 terabytes of data, estimated to be worth $3 billion in intellectual property. These particular attacks used carefully crafted spearphishing emails to trick professors and other university affiliates into clicking on malicious links and entering their network login credentials. Of 100,000 accounts the hackers targeted, they were able to gain credentials for about 8,000, with 3,768 of those at U.S. institutions.

The retail industry is also an often target for attacks. At least 16 separate cyber security breaches occurred at retailers from between January 2017 and now—including Macy’s, Adidas, Sears, Delta, Best Buy, Saks Fifth Avenue, Panera Bread, Sonic, Whole Foods and GameStop. Many of the breaches were caused by flaws in payment systems, either online or in stores. A recent report by cyber security firm Shape Security shows that as many as 90 percent of the people who log in to a retailer’s e-commerce site are hackers using stolen data. This is the highest percentage of any sector. Worse yet, according to a study by KPMG, 19 percent of consumers say they would completely stop shopping at a retailer after a breach, and 33 percent would take a break from shopping there for an extended period—proof that attacks compromise customer loyalty in a serious way.

While these are large organization examples, small businesses are equally (if not more) at risk. Small businesses, which make up more than 97 percent of the total number of businesses in North America, have a unique role in the cyber security ecosystem and overall national security strategies. They can be targeted by cybercriminals as gateways through the supply chain to larger corporations, many of which are in critical infrastructure sectors. They also store not only their own critical data and information, but also customer records, vendor information, customer lists, passwords and more. It is a lot to lose, should you ever lose it.

So just how big is this risk to small business? Very big, according to the Verizon Data Breach Investigation Report that shows 61 percent of breaches hit smaller businesses last year, up from the previous year’s 53 percent. Also, according to UPS Capital:

  • Cyber attacks cost small businesses between $84,000 and $148,000.
  • 60 percent of small businesses go out of business within six months of an attack.
  • 90 percent of small business don’t use any data protection at all for company and customer information.

In this issue of NAWBO ONE, we look at cyber security through the lens of a small- to mid-sized business. Our member spotlight features an entertainment attorney who frequently deals with cyber security issues. We have a roundtable where NAWBO members share how they’ve been impacted and what they’ve done to protect themselves. Additionally, we have a rundown of the most common types of breaches and easy actions to take to make sure you and your business don’t fall victim.

After all, the most important first step you can take to protect yourself from a cyber attack—and maintain your employee and customer trust—is educating yourself about what you’re up against.

—Molly Gimmel, 2018-2019 NAWBO National Chair