Did you know that “CEO” had a different meaning in 1892? Back then, a company required a Chief Electrical Officer to oversee its electricity source due to the absence of a reliable power grid. Times change though, and, just as some needs disappear, new needs will present themselves.
Electricity and cybersecurity are actually more similar than you realize. They serve completely different functions, but they are both equally taken for granted. People don’t stop to think about electricity when they flip a light switch—it’s just one of those assumed constants in life. But if a storm comes through and knocks the power out for a couple days, you better believe electricity (or a lack thereof) is on their minds—especially when they hear the hum of a generator coming from their neighbor’s house across the street. It’s at that point (after a long period of glaring at said neighbor’s house) where people begin to consider buying generators so they never have to experience again the unpleasantness of a powerless house in the dead of winter.
Working in the cybersecurity field, the heavy lean toward being reactive versus proactive is one that has definitely left me frustrated on multiple occasions. It’s probably the same way an electrical engineer feels about the idea of not implementing a backup power system.
But the biggest difference is that if a business loses power, the consequences will typically be confined to a loss of productivity and revenue during the extent of the outage. If a business experiences a data breach, however, the fallout can also include long-term financial damage, permanent loss of business, identity theft, HIPAA violations, lawsuits, being forced out of business and, ironically, power outages.
It’s hard to nail down the exact risk of becoming a victim to cybercrime. Various respected authorities in the security field, such as Gartner, IBM, McAfee and others have reported anywhere from 44 percent of businesses all the way up to 80 percent will be hacked.
The two things that really can’t be argued?
Since the Identity Theft Resource Center began tracking the data in 2005, there have been 6,284 data breaches involving at least 864 million individual records. Now, 2016 is on pace to nearly double the amount of breaches experienced just three years ago.
A 2016 IBM study found the average cost of a lost/stolen record to be $221. Even if you are a small company, the cost will not be negligible. Theoretically, if the personally identifiable information (PII) of 100 clients and a few employees were to be involved in a breach, it could quickly become an unplanned $25,000 loss. For some small businesses, this could represent 10-25 percent of their revenue for the year.
Unfortunately, the damages are not confined to these numbers. A big key to growing and keeping a customer base is providing a reliable service or product that leaves a client feeling confident enough to hand over their hard-earned money. The public relations (PR) damage of a data breach will sever that trust for many current and potential customers. Then, when you add in the possibility of lawsuits (depending on what and how the data was stolen), you can see why a data breach spells the end for some. In fact, multiple reports say a data-related disaster will put the majority of affected out of business within two years.
Need more proof that the odds are increasingly out of your favor? Data breaches often are preempted with some legwork by the cybercriminal. This could be phishing or other various forms of social engineering. APWG reports that the amount of phishing websites has increased 250 percent from 2015 Q4 to 2016 Q1.
So, we have dramatic increases in the number of active attempts to find potential hacking victims. We also have dramatic increases in the amount of actual data breaches occurring in the business world. Yet, what we do not have, is a dramatic increase in the amount of businesses proactively protecting themselves from becoming one of those statistics.
Can you save money by ignoring cybersecurity? It sure doesn’t seem that way. Even with the lowest possible repercussion that I listed, a small business is basically flipping a coin that they will not be subject to an attack of some type.
There are resources available to help assist in staying ahead of the curve. For arguments sake, let’s just say there are 1,000 known vulnerabilities (if only the number were really that low) that could possibly put a system at risk. If put to a test, how many of those 1,000 do you think you are currently configured to avoid? 100 percent protection of your environment is never going to be realistic, but getting another pair of eyes to evaluate the security of your environment could be the difference between a company making it five years or 50.
My advice? Take 30 seconds to fill out our Contact Us form, and let us help you see what areas of your business may be posing a vulnerability to future success.