Firms Hit By Data Breach Likely To Lose Customers' Trust: Report

by CXOtoday News Desk    Nov 25, 2016

Data breach The organizations who have hit by data breach attacks, are likely to lose the trust of their potential customers, the new study has revealed. According to a report by the Internet Society, companies those are not doing enough to protect themselves from cybercrime will lose customers quickly as consumer confidence in web services is at an all-time low. 

The Internet Society on Thursday released the findings from its 2016 Global Internet Report. According to the findings, 59 percent of users admit they would likely not do business with a company which had suffered a data breach. “Everyone knows that data security is a major issue for both consumers and businesses, yet companies are not doing everything they could to prevent breaches”, said Michael Kende, Economist and Internet Society Fellow who authored the report. 

According to the report, the average cost of a data breach is now about USD 4 million, up 29 percent since 2013. In 2015, there were a reported 1,673 breaches and 707 million exposed records. “According to the Online Trust Alliance, 93 percent of breaches are preventable. And steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted. This status-quo isn’t good enough anymore. As more and more of our lives migrate online, the cost and risk of a data breach is greatly increased, and will lead to lost revenues and a lack of trust,” added Kende.

Also Read: Security Is No Longer Just CIOs’ Headache

The report also draws parallels with threats posed by the Internet of Things (IoT). Forecast to grow to tens of billions of devices by 2020, interconnected components and sensors that can track locations, health and other daily habits are opening gateways into user’s personal lives, leaving data exposed. “We are at a turning point in the level of trust users are placing in the Internet,” said Internet Society’s Olaf Kolkman, Chief Internet Technology Officer. 

“With more of the devices in our pockets now having Internet connectivity, the opportunities for us to lose personal data is extremely high. Direct attacks on websites such as Ashley Madison and the recent IoT-based attack on Internet performance management company Dyn that rendered some of the world’s most famous websites including Reddit, Twitter and The New York Times temporarily inaccessible, are incredibly damaging both in terms of profits and reputation, but also to the levels of trust users have in the Internet”, he added. 

Also Read: Are CIOs Ready For Cybersecurity Preparedness?

Another study from earlier this year revealed that many IT professionals are not confident that they would be able to protect data in the event of a successful attack. The Gemalto Research revealed that despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organizations continue to believe perimeter security technologies are effective against data breaches. 

The Internet Society urged organizations to change their stance and follow five recommendations to reduce the number and impact of data breaches globally:

# Put users who are the ultimate victims of data breaches- at the centre of solutions. When assessing the costs of data breaches, include the costs to both users and organizations.

# Increase transparency about the risk, incidence and impact of data breaches globally. Sharing information responsibly helps organizations improve data security, helps policymakers improve policies and regulators pursue attackers, and helps the data security industry create better solutions.

# Organizations should be held to best practice standards when it comes to data security.

# Organizations should be held accountable for their breaches. Rules regarding liability and remediation must be established up front.

# Increase incentives to invest in security – create a market for trusted, independent assessment of data security measures so that organizations can credibly signal their level of data security. Security signals help organizations indicate that they are less vulnerable than competitors.