When a customer’s sensitive data are stolen from an e-commerce business during a cyber attack, who bears the burden of responsibility? A Centrify survey asked 800 British adults how much responsibility organisations should take for cyber security, assigning them a score between 1 (least responsible) and 10 (most responsible). More than half of the respondents assigned a value of 10, meaning that they think organisations should take full responsibility for the security of customer data.
Cyber attacks are considered inevitable
Although cyber attacks are now widely considered an inevitable risk when doing business online (13% of UK adults think hacking is the norm), a large portion of online users try to protect themselves from cyber crime by refusing to do business with breached organisations (75% of UK respondents are “somewhat likely” to put an end to any business relationship, including 23% who are “very likely”).
What can businesses do to raise their trustworthiness?
Cyber attacks have a negative effect on business image and reputation. With word of mouth and the media spreading the news, organisations can’t just put on a happy face and continue as if nothing has happened. Customer trust is an invaluable asset: it takes a lot of time to grow and maintain, and only a second to destroy. This is especially true for small and medium-sized organisations: according to a KPMG report, 89% of hacked SMEs said the attack affected their reputation.
What businesses can do:
- Implement the five security controls set out by the Cyber Essentials scheme, which could prevent around 80% of basic cyber attacks. The certification will demonstrate to customers, investors, suppliers and other third parties that basic cyber security measures are being taken.
- Adopt two-factor or multi-factor authentication (TFA or MFA) to secure customers’ login portals. TFA and MFA add extra steps to your usual username and password, such as PINs, security questions, biometrics, one-time passcodes and so on.
- Educate customers in basic cyber hygiene, for example by reminding them to change passwords frequently, never to access their profiles from public Wi-Fi connections, etc.
- In the event of a data breach, promptly notify the affected customers and other interested parties to be as transparent as possible.
These are a few examples of how companies can protect themselves and safeguard their reputation. Book a Cyber Health Check with our experts for further advice.