Top

Why Investing in Cybersecurity Preserves Customer Confidence

securityCustomer confidence suffers when a company or brand experiences a cybersecurity breach. These statistics are more than sobering:

  • Corporate retailer Target experienced a 46 percent drop in quarter-to-quarter profitability following a cyber breach that exposed the personal and financial information of millions of its customers.
  • The parent company of the extramarital dating website, Ashley Madison, lost more than one fourth of its revenues following the data breach that exposed account information of its customers. That revenue drop was in addition to fines and liabilities that the company faced, all of which combined to effectively cancel the company’s plans to raise capital with an initial public offering.
  • Four years after a data breach leaked emails and more than 68 million customer passwords in 2012, the online storage firm, Dropbox, is still attempting to recover its customer base and credibility.
  • Yahoo was recently able to complete the sale of its business to Verizon, but a 2014 cyberattack that leaked passwords and personal information of more than 500 million Yahoo user accounts dramatically reduced the company’s value and delayed the sale for several months while insiders and regulators cleaned up the mess left by the cyberattack.

To a certain extent, businesses can believe that customer awareness of cybersecurity risks is enough that individuals will protect their own personal and financial information. Individuals, however, are so overwhelmed by the volume of information that they need to process that almost half of all respondents in a recent survey indicated that they are more likely to rely on the businesses they deal with to erect proper cybersecurity barriers rather than attempting to protect their information themselves. In view of this, a business that maintains a stronger cybersecurity environment is more likely to appeal to those respondents.

Maintaining that environment typically involves a combination of measures. First and foremost, a company that carries cyber security insurance will be better able to attract and keep customers. Several insurance carriers now offer this product to protect companies from expenses related to direct losses and third-party liabilities that flow from a cybersecurity breach. A company can request cyber security quotes from different carriers to select the best policy that fits their environment.

A good cybersecurity insurance policy is one piece of a greater contingency plan that companies can implement to establish better customer loyalty. A company’s employees are often the weakest link in that plan. Employees can introduce malware into a corporate network, for example, by clicking on links and attachments in emails that they receive from unknown or anonymous sources. Employees also use weak passwords and connect to company networks via unsecured public Wi-Fi hotspots. Companies should train employees to remain on high alert to cybersecurity risks and to avoid activities that might compromise customer information.

Regular system and software updates are the third pillar of an environment with good cybersecurity. Hackers share information on holes in operating systems. System vendors and antivirus software developers have access to the same information and routinely release updates and patches to close those holes. Those updates and patches are of no use if end users fail to install them.

In the event that a company does experience a cybersecurity breach, it can best survive and recover from that breach by responding to it promptly, which includes promptly terminating the breach and closing the hole that made the breach possible. The next step is to notify the cyber insurance carrier of the breach. That carrier will then work with the company to stem further losses and to notify customers whose information might have been stolen as a consequence of the breach. Those customers will generally appreciate receiving this news from the company before their information is used for identity theft.

, , ,