Awareness-raising and investing are the two main ways to avoid taking unnecessary risks that put your organisation on the tightrope. It is no longer just a matter of pure business, now your reputation with your customers is at stake. Cyberattacks continue on an upward curve both in volume and sophistication. What’s more, the financial impact of suffering a data breach is high. The average cost is around four million euros, according to a report by the Ponemon Institute, which also shows that spending has increased by 10% in the last five years.
The situation is more complicated for companies that are not prepared. Why? In addition to the increase in customer rotation, revenue is lost due to system downtime and lower reputation. Time is money. The fastest companies to contain cyberattacks are German, South African, and Canadian companies, while the slowest and, therefore, those that experience the greatest impact on their business are those from the Middle East and Brazil.
So, what should you do? The new normal has changed the way many organisations work. Teleworking is here to stay. However, it is accompanied by a decentralisation, with new structures that can reach private, unsecured, or unknown networks. With this in mind, suffering a data breach is inevitable. The most logical thing to do is anticipate it. Using simulations and contingency plans, a company can save up to two million dollars.
The first step is the automation of security. This is a key aspect of the digital strategy. For this reason, employee training, cyber insurance, and the involvement of all employees are essential. The second pillar is visibility. By monitoring the environment and securing offline backups, organisations will be able to discover the breach more easily and avoid paying higher fines.
Along these lines, companies that are unwilling to pay for technical knowledge to ensure compliance — there are more than 50 different privacy laws in the United States — are at higher risk of regulatory fines. Sometimes insurance covers part of the breach, however, the business has to pay higher amounts for non-compliance with the regulations.
The culture of cybersecurity is essential. Changing processes and getting certifications is important, but the key link is people. Without them, it will not be possible to move forward while ensuring business continuity and driving growth. For this reason, they must always be the focus. In fact, according to a study by a multinational company, 90% of professionals in the information security sector recognise that remote work has made it difficult to protect connected devices from geographically dispersed points.
Not surprisingly, data, workplace, and privacy security laws differ between countries and state and local jurisdictions, creating a layer of complexity; one that will last forever, at least in terms of the numbers. The same report shows that seven out of ten companies plan to permanently establish teleworking. This fundamental piece of data will translate to an increase in investment in cloud-based platforms rather than in other areas of IT.