By Zack Schuler, founder and CEO of NINJIO
When it comes to cybersecurity, companies are in the middle of a trust crisis – every day, consumers are becoming more acutely aware of the ways their data are mishandled and the cyberthreats companies face. Data breaches and other cyberattacks can cost companies millions of dollars, but the price they pay in lost consumer trust and loyalty is often even more devastating. It takes many years to build a trusted brand, but that trust can disappear overnight if customers no longer feel like their sensitive personal information is secure.
Although increasingly stringent consumer privacy and security laws are becoming the norm, companies should always be ahead of these changes when it comes to cybersecurity. They need to be transparent about how they collect and use consumer data, clear about their cybersecurity policies and protocols in the event of an attack, and most importantly, committed to educating employees on how to keep themselves, the company, and customers safe. These measures won’t just ensure that companies are prepared for future cyberthreats and regulations – they’ll build healthier long-term relationships with consumers.
Why cybersecurity is moving to the top of the agenda
While companies have been increasing their focus on cybersecurity for years, this process is rapidly accelerating. This isn’t just due to the profusion of cyberthreats companies have to contend with – it’s also a response to the emerging awareness among consumers of the ways their digital interactions with companies are putting them at risk and compromising their privacy. Meanwhile, companies are realizing that many of their long-standing assumptions about cybersecurity (such as the idea that it’s strictly a matter for IT experts) no longer hold.
According to a 2021 PwC survey, 55 percent of companies say they’re planning to increase their cybersecurity budget and 72 percent say they’re capable of strengthening their cybersecurity platform while containing costs. One of the most cost-effective ways companies can become more secure is through employee education. There’s still a stubborn misconception that cybersecurity requires major investments in IT infrastructure, but a growing library of research on cyberattacks suggests otherwise.
The FBI reports that phishing – which works by manipulating victims into revealing sensitive information such as account numbers or passwords – is the most common type of cyberattack. IBM’s 2020 Cost a Data Breach Report found that 80 percent of data breaches rely on personally identifiable information (PII), which is often stolen through various forms of social engineering. The fact that a significant proportion of cyberattacks are successful due to human error is a reminder that companies don’t need sprawling IT teams to keep themselves safe – they just need to have a well-trained workforce.
Gartner reports that spending on security jumped by 10.5 percent in 2019, while investments in cloud security will increase by 41.2 percent over the next five years. However, companies should also remember that the most integral component of any effective cybersecurity platform is an educated workforce – an investment any company is capable of making.
Consumers are more concerned about cybersecurity than ever
The direct costs of a cyberattack can be ruinous. According to a 2020 IBM report, the average cost of a data breach in the United States is $8.64 million – more than any other country researchers examined. The report also found that it takes an average of 280 days to identify and contain a data breach. Although these immense costs should always be borne in mind, there are also long-term costs that are difficult to calculate.
Consumers have never been more concerned about the way their data are collected, stored, and used. A Pew Research Center report found that 81 percent of consumers feel like they have very little or no control over the data companies collect, while 79 percent say they’re concerned about how their data are put to use. PwC reports that almost 70 percent of consumers believe companies are vulnerable to cyberattacks, but just 25 percent trust that their sensitive personal information is being handled responsibly.
Cybersecurity (or a lack thereof) has drastic implications for consumer behavior – 85 percent of consumers say they won’t do business with a company if they have concerns about its security practices, while 81 percent will stop engaging with a brand online after a data breach. These numbers should be a call to action for companies – particularly as cybercriminals become more sophisticated and the losses from successful cyberattacks steadily increase.
Despite their suspicions about how companies are protecting their data, the vast majority consumers still believe the private sector is in a stronger position to protect them than the government. This is why 92 percent of consumers say companies have to be proactive about data protection. At a time when consumer trust is foundering and cyberthreats are becoming more frequent and destructive, companies have a responsibility to make their cybersecurity platform as robust as possible and tell customers how they intend to keep their data safe.
Cybersecurity awareness is the best way to protect consumers
An educated workforce is the most powerful element of any successful cybersecurity platform. The vast majority of cyberattacks rely on the manipulation of human beings – from phishing emails that convince employees to click on a corrupt link or download malware to business email compromise (BEC) schemes in which threat actors impersonate company leaders to coerce people into disclosing sensitive information. This is why companies have to ensure that every employee knows how to identify and thwart cyberattacks.
Companies are increasingly realizing that they don’t need to have an army of IT professionals to protect themselves from cyberattacks. As the aforementioned PwC survey explains: “No longer technology-focused – although tech is very much in the picture – security leaders are working closely with business teams to strengthen and increase the resilience of the organization as a whole.” This is a reflection of the fact that all employees are responsible for cybersecurity – anyone can download malware and give cybercriminals access to email accounts, cloud-based productivity apps, and other attack vectors.
According to a recent Ponemon survey, 63 percent of IT security professionals in the United States say they’ve seen an increase in social engineering attacks since the beginning of the COVID-19 pandemic. This is all the more reason why the shift toward a more holistic, people-focused cybersecurity platform is only going to become more important. As companies continue to rely on remote work, it’s essential to make sure everyone is aligned on cybersecurity best practices.
Key points
- Companies are making cybersecurity a top priority. From the emergence of strict laws and regulations around consumer privacy and security to shifting consumer expectations, there are many factors pushing companies to increase their investments in cybersecurity. As they consider which investments to make, CEOs and CISOs should remember that there are highly cost-effective ways to protect their companies, such as cybersecurity education.
- Consumers are increasingly concerned about cybersecurity. Despite the immense direct costs of cyberattacks, companies should be even more concerned about the potential reputational costs. At a time when consumers are seeing headline after headline about high-profile data breaches and dubious third-party entities collecting their data, companies should be doing everything in their power to restore confidence – from educating employees to being transparent about their security practices.
- Cybersecurity awareness is the key to building consumer trust. Companies are discovering that it’s impossible to protect themselves against rapidly evolving cyberthreats without a well-trained workforce. As the number of attack vectors continues to increase and consumers become more keenly aware of how their data are used and misused, the best way for companies to restore confidence is to demonstrate that they value security at every level of the organization.
