Data breaches can be expensive. The average ransomware attack costs organisations about $47,000, according to the 2024 Data Breach Investigations Report, and it can even soar into the millions. Business email compromise (BEC) attacks often target executives with valuable company information. The average amount lost is over $50,000 but ransomware can exact a much greater financial toll. The biggest cost of all, however, may be the reputational damage caused by a data breach.
The price of reputational damage
It’s easier to pinpoint the financial cost of data breaches. There’s the money threat actors are able to extort from an organisation, and then there’s the number of IT personnel hours applied to responding to incidents and containing breaches. The reputational damage a data breach causes is harder to quantify, though that doesn’t make it any less real.
A data breach can prompt customers to lose trust in an organisation, compelling them to take their business to a competitor whose reputation remains intact. A breach can discourage partners from continuing their relationship with a company since partners and vendors often share each other’s data, which may now be perceived as an elevated risk not worth taking. Reputational damage can devalue publicly traded companies and scupper a funding round for a private company. The financial cost of reputational damage may not be immediately apparent, but its consequences can reverberate for months and even years.
Industries dependent on trust
All organisations rely on their reputation and the trust they cultivate, but trust is more important in some industries than others.
Finance
Consumer confidence, a form of trust, is a leading economic indicator that influences the direction of financial markets and the valuation of individual companies. How consumers perceive the economy actually has an economic impact. The subprime mortgage crisis may have been the financial mechanism that led to the Great Recession of 2008, but it was plummeting consumer sentiment that eventually tipped the global economy over the edge.
Financially motivated threat actors target the financial sector for obvious reasons: there’s ample money to be extorted. In EMEA, ransomware is one of the most common and lucrative attack patterns for cybercriminals. Because there’s more money in the pot, so to speak, hackers are more likely to use more sophisticated and labour-intensive attack patterns, which explains why system intrusion became the number one attack pattern in the finance industry this past year.
Healthcare
The digitisation of healthcare, characterised by the integration of electronic health records (EHRs) and the Internet of Medical Things (IoMT), has transformed the healthcare landscape, bringing both opportunities and cybersecurity threats. This shift toward a more connected and data-driven approach enables enhanced patient care and operational efficiency but simultaneously exposes sensitive personal health information to potential cyberattacks.
Due to the sensitive nature of personal health data, healthcare organizations become lucrative targets for cybercriminals. A data breach in the healthcare sector could severely compromise patient privacy and security, leading to the exposure of protected health information (PHI) and posing a significant liability for organizations. Therefore, safeguarding healthcare cybersecurity has become paramount to protect patient information and ensure the integrity of the healthcare system.
Healthcare organisations are responsible for holding some of the most sensitive data there is – patient records. The leaking of medical records and other confidential patient information can wreak havoc on the reputation of a hospital or other healthcare facility, as patients depend on these institutions for safety and discretion.
Hackers sometimes attack healthcare facilities by targeting medical equipment, like infusion pumps they can render inoperable for the purpose of demanding a ransom, which would have a massive impact on a hospital’s reputation (especially if it resulted in the harm of one of its patients). Compromised data is often not the fruits of an external hacker’s labour, however. Medical information is often misplaced through the actions of an internal actor, who is more often than not a non-malicious agent. Misdelivery is a common cause of data breaches in the healthcare sector according to the 2024 Data Breach Investigations Report. To mitigate such risk Data Loss Prevention tools (DLP) controls can be implemented to monitor outgoing emails for sensitive information and can alert or block emails being sent to unintended recipients.
Having recognized those challenges, Verizon enhanced cybersecurity for a large hospital system by unifying its network with Secure Cloud Interconnect and centralizing access controls. This approach improved global connectivity and security, allowing clinicians to secure access to necessary information and boost operational efficiency. The hospital system saw increased productivity and a better patient experience with consistent and reliable Wi-Fi services.
Retail
Retailers that suffer data breaches risk losing their customers to competitors. In this era of digital convenience, it’s just too easy for consumers to take their business elsewhere; and if their customers have PCI data or credentials compromised, there’s a good chance they will.
Incidentally, stolen credentials surpassed payment card information as the data most commonly compromised in the retail industry this past year. Denial-of-Service (DoS) attacks remain a big threat in retail, a threat that is amplified seasonally, as with Christmas and the end-of-year holiday season. Retailers can’t afford to have systems down during this time of year, which also makes them more susceptible to ransomware attacks.
How organisations can defend themselves
In order to optimise cybersecurity efforts, organisations must consider the vulnerabilities particular to them and their industry. For example, financial institutions, often the target of more involved patterns like system intrusion, must invest in advanced perimeter security and threat detection. With internal actors factoring so heavily in healthcare, hospitals must prioritise cybersecurity training and stricter access controls. Major retailers that can’t afford extended downtime from a DoS attack must have contingency plans in place, including disaster recovery.
These measures won’t eliminate the threat, but the truth is no business is entirely free of the risk of a data breach, but they can mitigate the risk, augment their security efforts, and reduce the potential points of entry by focusing their attention on the risks most likely to affect them. Their reputation is on the line, after all, and that may be the biggest compromise of them all.
Verizon advocates for the adoption of CTEM (Continuous Threat Exposure Management) as a cyclical program designed to prioritize potential countermeasures and enhance security posture on an ongoing basis. Through this approach, organizations have demonstrated a reduction in the time required to identify and address incidents. This is achieved by leveraging valuable insights obtained through the CTEM program and integrating them with the Security Operations Center (SOC) for improved treatment strategies.