The effects of breaches aren’t limited to outages. Breaches also mean
the loss of money, time, and reputation. Security teams who believe they
will dodge this bullet are ignoring the reality of the data. As our
study shows, almost half of organizations have had to cope with public
scrutiny following a security breach. Given the attackers’ range of
ability and tactics, the question isn’t if a security breach will
happen, but when.
...
The damage to organizations goes far beyond the time it takes to deal
with a breach or outage. There are real and substantial impacts that
enterprises should try mightily to avoid.
As seen in
Figure 55,
36 percent of security professionals said that operations was the
function most likely to be affected. This means that core systems of
productivity, which affect industries from transportation to healthcare
to manufacturing, can slow down or even grind to a halt.
After
operations, finance was the function most likely to be affected (cited
by 30 percent of the respondents), followed by brand reputation and
customer retention (both at 26 percent).
No organization that
plans to grow and achieve success wants to be in a position of having
critical departments affected by security breaches. Security
professionals should view the survey results with an eye toward their
own organizations, and ask themselves: If my organization suffers this
kind of loss from a breach, what happens to the business down the road?
The
opportunity losses for companies suffering online attacks are daunting.
Twenty-three percent of the surveyed security professionals said that
in 2016, their organizations experienced a loss of opportunity due to
attacks (
Figure 56).
Of that group, 58 percent said that the total opportunity lost was
under 20 percent; 25 percent said the lost opportunity was 20 to 40
percent, and 9 percent said the lost opportunity amounted to 40 to 60
percent.
Many organizations can quantify the revenue losses they experience due to public breaches. As seen in
Figure 57,
29 percent of security professionals said their organizations
experienced a loss of revenue as a result of attacks. Of that group, 38
percent said that revenue loss was 20 percent or higher.
Online attacks also result in fewer customers. As shown in
Figure 58,
22 percent of organizations said they lost customers as a result of
attacks. Of that group, 39 percent said they lost 20 percent of their
customers or more.
