In the event of a cyber security breach, minds usually turn to how it occurred and what information was lost. Below we explore some of the ramifications of a cyber-attack.
Consider the following scenarios in the context of a cyber attack on your organisation.
Safety and privacy of staff and customers
Perhaps you have high profile, high net worth customers? Maybe you provide goods or services to vulnerable people? Maybe you hold data on people that they entrusted to you and don’t want shared with people they don’t know! What could the implications be, not just to your business, but the people whose details have been exposed if personal details of customers or staff are stolen?
With personal information and a link back to the source (i.e. your business), attackers can masquerade as the source, making it harder for people to determine the legitimacy of any correspondence.
The value of exposed private residential addresses, phone numbers, email addresses and dates of birth to criminals and other moral-deficient types can be enormous. Once it has leaked there’s no way to control the dissemination of compromised information. Depending on the nature of the data and the type of people whose hands it falls into, the consequences can be devastating.
What could the safety and privacy repercussions be to your customers and stakeholders if the data you hold on them is exposed?
Reputation damage and damage to brand confidence
When subjected to a cyber-attack, trust in a brand always takes a hit; the organisation looks weak for not being able to defend against attackers. For this reason, we rarely hear about cyber breaches if exploited organisations can help it.
Often, however, word does get out. It may be as a result of legislated reporting requirements, the unearthing of data on a website, an alert from a service like Have I Been Pwned or a whistle-blower from within the organisation, but whatever the means, confidence of existing and prospective customers in terms of how safe their information is will be thrown into doubt.
The thought alone that a password used in multiple locations is exposed can be enough to destroy a customer’s confidence in your brand.
And it’s not just customers whose confidence can take a hit; staff may lose confidence in the company and its capabilities.
If your organisation was the victim of a cyber breach that became known publicly, how would your organisation’s reputation fare?
Loss of productivity and recovery costs
Some cyber-attacks result in theft of data but systems continue to run. Some cyber-attacks on the other hand result in entire systems being locked down with users locked out, including because data on drives has been irreversibly encrypted or lost.
The repercussions in this kind of situation can destroy a business.
In September 2019, Demant Group – a Danish hearing aid manufacturer – was forced to shut down its IT systems when they were the victim of a cyber-attack. The company ground to a relative standstill with staff unable to work and production halted. Demant estimated it will lose between US$80 million and US$90 million as a result of out of pocket expenses and lost revenue.
If users and devices on your network were simultaneously prevented from operating, what would your staff do and how would you serve your customers?
Loss of competitive advantage
It goes without saying, but if sensitive information such as strategic plans, product blueprints and supplier relationship information is accessed and falls into the hands of competitors, what would the impact be on your business?
Protecting your business from cyber attacks
Check out the Assessity cyber security resources for businesses post for guidance on reviewing your business’s cyber security defences.