.webp)
How data breaches erode trust and what companies can do
Data breaches can be expensive. The average ransomware attack costs organisations about $47,000, according to the 2024 Data Breach Investigations Report, and it can even soar into the millions. Business email compromise (BEC) attacks often target executives with valuable company information. The average amount lost is over $50,000, but ransomware can exact a much greater financial toll. In response, governments and regulators are increasing pressure on companies to protect customer data. Australia's draft Cyber Security Act, for instance, includes provisions for higher penalties. However, the biggest cost of all, may be the reputational damage caused by a data breach.
The price of reputational damage
The reputational damage a data breach causes is harder to quantify, though that doesn't make it any less real. It can prompt customers to lose trust in an organisation, compelling them to take their business to a competitor whose reputation remains intact. A breach can discourage partners from continuing their relationship with a company since partners and vendors often share each other's data, which may now be perceived as an elevated risk not worth taking.
Industries dependent on trust
All organisations rely on their reputation and the trust they cultivate, but trust is more important in some industries than others.
Finance
Consumer confidence, a form of trust, is a leading economic indicator that influences the direction of financial markets and the valuation of individual companies. The subprime mortgage crisis may have been the financial mechanism that led to the Great Recession of 2008, but it was plummeting consumer sentiment that eventually tipped the global economy over the edge.
As financially motivated threat actors increasingly target the financial sector, safeguarding consumer trust becomes essential.
Healthcare
The digitisation of healthcare, characterised by the integration of electronic health records (EHRs) and the Internet of Medical Things (IoMT), has transformed the healthcare landscape, bringing both opportunities and cybersecurity threats. This shift toward a more connected and data-driven approach enables enhanced patient care and operational efficiency but simultaneously exposes sensitive personal health information to potential cyberattacks.
Due to the sensitive nature of personal health data, healthcare organisations become lucrative targets for cybercriminals. A data breach in the healthcare sector could severely compromise patient privacy and security, leading to the exposure of protected health information (PHI) and posing a significant liability for organisations. Therefore, safeguarding healthcare cybersecurity has become paramount to protect patient information and ensure the integrity of the healthcare system and the reputation of the healthcare facility.
Hackers sometimes attack healthcare facilities by targeting medical equipment, like infusion pumps they can render inoperable for the purpose of demanding a ransom, which would have a massive impact on a hospital's reputation (especially if it resulted in the harm of one of its patients). Compromised data is often not the fruits of an external hacker's labour, however. Medical information is often misplaced through the actions of an internal actor, who is more often than not a non-malicious agent. Misdelivery is a common cause of data breaches in the healthcare sector, according to the 2024 Data Breach Investigations Report.
Having recognised those challenges, Verizon enhanced a hospital's cybersecurity by unifying its network with Secure Cloud Interconnect and centralising access controls. This improved connectivity and security, enabling secure access to vital information and, increased productivity and a better patient experience.
Retail
Retailers that suffer data breaches risk losing their customers to competitors. In this era of digital convenience, it's just too easy for consumers to take their business elsewhere, and if their customers have PCI data or credentials compromised, there's a good chance they will.
Incidentally, stolen credentials surpassed payment card information as the data most compromised in the retail industry this past year. Denial-of-Service (DoS) attacks remain a big threat in retail, a threat that is amplified seasonally, as with Christmas and the end-of-year holiday season. Retailers can't afford to have systems down during this time of year, which also makes them more susceptible to ransomware attacks.
How organisations can defend themselves
To optimise cybersecurity efforts, organisations must consider the vulnerabilities particular to them and their industry. For example, financial institutions, often the target of more involved patterns like system intrusion, must invest in advanced perimeter security and threat detection. Healthcare facilities dealing with internal threats must prioritise cybersecurity training and stricter access controls. Major retailers, susceptible to DoS attacks, need robust disaster recovery plans.
The Australian government's adoption of international cybersecurity standards and data breach disclosure laws under the Cyber Security Legislative Package underscores the importance of sector-specific frameworks to build resilience and maintain trust.
These measures won't eliminate the threat, but the truth is no business is entirely free of the risk of a data breach, but they can mitigate the risk, augment their security efforts, and reduce the potential points of entry by focusing their attention on the risks most likely to affect them. Their reputation is on the line, after all, and that may be the biggest compromise of them all.
