Measuring the Impact of Cyberattacks: Lost Revenue, Reputation & Customers

CISOs are feeling the pressure when it comes to cybersecurity management, but new data from Cisco’s annual report may help in getting them the buy-in they need.

The Cisco 2017 Annual Cybersecurity Report, released 1/31/17, outlines some of the major trends and risks facing enterprises, compiling data from surveys of approximately 3,000 CISOs.

Cisco CISO, Steve Martino, has stated that enterprises are realizing that losses from data breaches and cybersecurity vulnerabilities have tangible repercussions for the business. As a result of public breaches, 29 percent of security professionals surveyed say their organizations experienced a loss of revenue, and 38 percent of that group said revenue loss was 20 percent or higher. Security professionals also cite rising losses of opportunity and customers after cyberattacks.

Operations and finance are feeling the effects keenest, as these are the top two functions likely to be affected by a public breach. Martino says that if an IT department experiences 1 to 8 hours of system downtime (as 45 percent of outages reported do), it can result in monetary losses but also a disruption in services and deliverables. Forty-one percent of network outages affect between 11 percent and 30 percent of the organizations’ systems, significantly hindering the business for an extended period.

Security leaders are also facing increased scrutiny from a variety of sources, including executive leadership, clients, employees, investors, regulators, insurance companies and watchdog groups, the report notes.

However, the impact of a data breach is not always negative in the long run. The survey results show that CISOs and security leaders are using the aftermath of a breach as a learning opportunity – 90 percent of security professionals surveyed said that a security breach drove improvements in threat defense technologies and processes. Thirty-eight percent separated the security team from the IT department; 38 percent increased security awareness training among employees; 37 percent increased focus on risk analysis and risk mitigation; 37 percent increased investment in security defense technologies or solutions; and 37 percent increased investment in training of security staff.

By Claire Meyer for securitymagazine.com | Image – Cisco Security Research | Article Link