In the IT industry, we have an appreciation for the importance of cybersecurity; it’s the essential element that protects our systems from attack so they keep working smoothly. If it’s working well, cybersecurity is in the background, ever present but unobtrusive. For most people using a computer, cybersecurity should be virtually invisible, so it’s sometimes hard to explain to non-tech people how important it is.
The way cybersecurity works in the background can be a problem when the time comes for budget allocation or upgrades. Getting CEOs to spend money on a service they never really notice is a tough sell.
If you’re talking to businesspeople about cybersecurity products you probably need to do more than just show them the label. The arguments in favour of spending money on cybersecurity are not self-evident to the average business decision-maker. CEOs need a bit of context to clearly understand the value of security products as they relate to everyday commercial realities and the bottom line.
Cyber-attack reality check
It’s useful to give decision-makers some ‘reality check’ information about the destructive potential of data breaches.
This is the part of cybersecurity that most businesspeople are at least somewhat aware of, but it’s useful to remind them about the current realities:
- Recent research by the World Economic Forum (WEF) found that cybercrime attacks on businesses almost doubled in the five years 2012 to 2017.
- In 2016 alone, more than 4 billion data records were reported stolen from companies.
- The WEF’s research found that the growth in cybercrime is driven not only by the potential for big rewards but also by expanded opportunity because cybersecurity preparedness is lagging behind the adoption of online systems.
- The annual cost of responding to cyber-attacks is approximately US$16.5 million per company.
- 357 million new malware variants were released in 2016 alone.
- FBI cybercrime data forecasts the financial cost of cybercrime in 2018 to exceed US$12 billion globally.
- Europol has released data showing that cybercrime is now the world’s most profitable crime category; ‘more profitable than the global trade in marijuana, cocaine and heroin combined.’
The rapid growth in cybercrime and data breach incidents has spurred governments and regulatory bodies to take a more aggressive stance on cybersecurity legislation.
- Starting May 25, the EU will introduce their General Data Protection Rule (GDPR), under which companies will be subject to substantial fines if data they are holding is exposed by a data breach. The GDPR regime imposes harsh financial penalties for data breaches: €20 million (approximately AU$32 million) or 4% of global annual revenue, whichever is the higher amount.
- On Feb 22 the Australian Government’s Notifiable Data Breach (NDB) Scheme came into effect. Under the NDB Scheme, companies that handle people’s personal data, such as bank account information, credit card details and medical records, are obliged to report data breaches to the Office of the Australian Information Commissioner (OAIC). They must also directly inform people whose information is exposed so they have the best possible opportunity to protect themselves from adverse effects.
Data-breaches are bad for business
The damage sustained by companies as a result of cyber-attack goes far beyond the immediate financial losses. High-profile data-breach incidents like the ones recently experienced by Equifax, Uber or Facebook continue to cause reputational harm months and even years after they occur.
A company’s failure to protect their systems from hacking is a perceived liability to their customers, trading partners and shareholders.
A report on the Equifax breach by Wired showed that Equifax postponed announcing the breach for months after the incident, waiting until September 2017 to notify their customers. Following the delayed announcement, shares in the company plunged by 25%.
Equifax issued a report last November estimating the losses already sustained by the company at US$75 million. The future litigation costs could potentially continue for decades.
When Uber was attacked by cybercriminals and suffered a data breach, they allegedly paid US$100,000 to the hackers to keep quiet about it. Uber’s executives actually made their problem worse by trying to hide it from the public: when the data breach was eventually revealed, the perceived cover-up became a negative news story as well, adding to a negative narrative about mismanagement in the company. Uber’s losses in late 2017 were peaking at around US$1.5 billion per quarter.
Cybersecurity is a competitive advantage
A business that implements effective cybersecurity measures can leverage their positive security status to stand out in the market. A good track record on data integrity inspires confidence in customers and business partners, as well as fortifying a company’s value with shareholders and investors.
PwC’s 2018 Global Economic Crime and Fraud Survey reports that 31% of organizations were victims of cybercrime. This figure is deeply concerning, but the actual number of companies impacted is probably much higher, because the anecdotal evidence suggests that many cyber-attacks are not discovered or reported.
“Cyberattacks have become a permanent and persistent threat to organizations across commercial and government sectors. The question organizations are facing is not if a cyberattack will happen, but when. The difference between the winners and losers in a cyberattack, is how effectively the organization handles the response. The degree of loss and reputational damage (impact on brand value and customer loyalty) from a major cyberattack can be severe and irrevocable. Therefore, senior executives and the board need to ask: ‘Are we sufficiently prepared to respond to a large-scale cyberattack?’”
- Oliver Wyman Cybersecurity Report
Every company is targeted by cyber-attacks now, whether they be Fortune 500 giants or small businesses; whether or not they succumb to those attacks is a matter of good cybersecurity implementation. All it takes for attackers to breach a company is a single virus-laden email, so having an effective security policy is vital to ensure a company’s survival.
We hear a lot of horror stories about massive, costly data breaches and hacking incidents in the media: those aren’t the sort of headlines any company wants. The companies we don’t hear about are the ones that are winning the cybersecurity battle, but in the current context of escalating cyber-attacks and massive data-breach incidents hitting companies on a regular basis, having a clean data security record is a powerful PR asset.
A company’s ability to protect its customers’ information from hacking isn’t merely a good business practice; it’s a component of positive branding.
Virtually every company now uses information management systems, whether for communication, sales, or supply purposes, so ensuring the integrity of that data is a common priority for businesspeople generally.
Explaining the benefits of cybersecurity to businesspeople hinges on framing the issue in the correct way: as a matter of good financial management and positive branding.
Every CEO can see the value of building a brand that exemplifies resilience and integrity, and every CFO can appreciate the importance of avoiding security liabilities. When we talk to businesspeople about data protection we need to use the common language of financial management as well as espousing the technical virtues of cybersecurity systems.
Explaining security products
Cybersecurity is a complicated topic; it’s an ever-changing field with a lot of ambiguity. Helping businesspeople understand the importance of effective cybersecurity can be a challenging task, but it’s what Sean Pary does all day in his role as a salesperson at MailGuard. He’s an expert at explaining cybersecurity products in language businesspeople can understand.
Talk to us
MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.