Preparing for the Cyber-Attack That Succeeds
Cybercrime is on the rise. According to Symantec, more than 1 million people are victims of cyber-attacks every day, at a global annual cost to consumers of almost $113 billion.1 The cost to businesses is even greater. A recent study sponsored by McAfee, a subsidiary of Intel, put the global figure at more than $400 billion annually.2 And, of course, beyond the dollars, the cost in reputational damage, consumer confidence in the brand, and time to recovery can be enormous.
While major high-profile security breaches, such as those recently suffered by Target and Home Depot, make the biggest splashes in the news, the attacks are not limited to national and multinational companies. For example, the largest online breach targeting credit card data in Australia’s history occurred in December 2012, when criminals attacked 46 small and midsize businesses—the majority of which were service stations and individual retail outlets.3
The principal lesson to be learned is that companies of all sizes are vulnerable to cyber-attacks. Unfortunately, many don’t view themselves that way because they believe they are too small to be targeted. But from a risk-management perspective, that is exactly the wrong attitude to take.
Because of the devastating impact that a major breach can have—on both the top and bottom lines, on the brand, and along many other dimensions of the business—and because of the increasing likelihood that such an event may one day occur, it is prudent to rank cyberthreats as one of the three largest areas of exposure for essentially every business. As such, thwarting cyber attacks, as well as planning for how the company will respond in the event of a successful major breach, should be a C-suite-level concern, and not something relegated to the IT department and then promptly forgotten—until it’s too late.