There are some injuries to the human body where you put the bone in a sling and wait patiently for a full recovery. But there are others where the pain is both chronic and incurable — where an injury, once sustained, can never really be made better, only worse.
When it comes to enterprises, a cybersecurity episode falls into this latter category. That’s because a breach itself is not nearly so damaging as what comes after — namely, the precipitous loss in customer trust that an attacked business will experience.
Brand Reputation is on the Line Following An Attack
In a piece for Security InfoWatch, security expert Steve Durbin wrote that cybersecurity incidents are the ultimate threat to a business’s brand reputation.
After all, as soon as a company reports a breach to the public, it is tacitly admitting that it is not as secure as customers thought it was. While many breached businesses attempt to downplay a security episode or represent it as an anomalous occurrence, customers tend to quickly see a malicious incursion for what it is: a sign that a business they trusted lacked the proper enterprise security to keep the bad elements out.
In recent large-scale attacks, the letters that go out to customers seem to have one thing in common: an attempt to minimize the incident. An announcement on eBay’s site telling customers to change their passwords, for instance, mentioned only once that the company had been hit by a cyberattack, even though that attack directly impacted 233 million people, according to the Mirror.
Companies Must Boost Resilience Before an Attack Happens
According to Durbin, the fact that security episodes have the potential to destroy a brand’s reputation should provide all the impetus a company needs to develop a preparedness plan so that this type of situation never happens.
“Cyber resilience requires recognition that organizations must prepare now to deal with severe impacts from future cyber threats that cannot be predicted or prevented,” he said. “Traditional risk management is insufficient to deal with the potential impacts from unforeseen activities in cyberspace. That’s why enterprise risk management must be extended to include organizational risk and cyber resilience.”
This resilience may not be possible to develop overnight. But as long as a company gives cybersecurity the attention it deserves, it can go a long way toward staving off a malicious infringement.