Whenever a company suffers a headline-grabbing data breach, its reputation takes a serious blow. If you’re a big company, evidence suggests the impact is short-lived. But if you’re a small company doing business with large partners, it could be a different story. Retail giant Target saw its sales decline after suffering a breach in 2013 that compromised payment card information of 110 million customers, but one year later the company’s sales had increased. In a March 2015 article, Fortune magazine reported that breaches cost big companies “shockingly little.” Citing a study by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs, Fortune reported that breach-related expenses cost Sony, Target and Home Depot “less than 1 percent of each company’s annual revenues” after suffering major cyber attacks. Even though the study measured revenue, there is a correlation to reputation. If customers abandoned a company in droves after it suffers a breach, the impact wouldn’t be this low.
While giant corporations with ubiquitous brands appear relatively impervious to long-term damage, such may not be the case for smaller companies. In a recent study, KPMG found 86 percent of business partners in the United Kingdom “would consider removing a breached supplier from their supply chain to protect their own business from external access.” This finding is significant because cybercriminals in recent years have targeted small and midsize businesses to get to larger partners to which they are digitally connected. In the Target breach, investigators found that hackers got into the retailer’s network through a refrigeration company, Fazio Mechanical Services, which was linked to Target through an electronic billing system. Alarmingly, too many SMBs are ill-prepared to fend off cybercrime. Only 29% of SMB companies in 2015 used basic security tools such as configuration and patching to prevent breaches, down from 39 percent the previous year, according to Cisco. Their use of web security also dropped, to 48% in 2015 from 59% a year earlier. “SMBs show signs that their defenses against attackers are weaker than their challenges demand,” Cisco noted in its 2016 Annual Security Report. This means SMBs put themselves and their partners at risk of a cyber breach.
Business partners aren’t the only ones to take notice of cyber attacks. Consumers, too, see breaches as reason to reconsider doing business with a breached company. A recent Opinium study found 78 percent of consumers in the United States and Europe said cyber attacks change their perceptions of breached companies’ brands. Twenty-nine percent said their perception becomes negative, and 53 percent “thought that people wouldn’t do business with the brand in future,” as reported by IT Governance. Notice respondents didn’t say they would stop doing business with the breached company; they’re just counting on others to do so. That explains why the large brands bounce back quickly and pay a small cost for breaches. But if you’re a small company, don’t expect to enjoy the same level or resilience. If enterprises are willing to cut you off for poor security, you’d best take that as a sign to build up your defenses.
Learn more about increasing your organizations security posture