From the £99m levied against Marriott hotels to the £183m penalty slapped on British Airways, it tends to be the eye-watering fines that make the headlines. But new research has once again highlighted the long-tail impact of poor cybersecurity on a business's reputation.
In a survey of 207 business people responsible for managing cyber risk at their company, 38% admitted that they have lost business because of poor security performance.
And it’s not just a company’s actual security hygiene that loses them cash – even the perception of sub-par cybersecurity is enough to put off customers.
Conducted by cybersecurity ratings firm BitSight and market research company Forrester, the study also found that 80% of surveyed customers experienced a cybersecurity incident in the past year alone.
The findings closely match the results of a survey conducted by Radware earlier this year. In it, 43% of surveyed companies reported that they had suffered a loss of reputation because of a successful cyberattack.
Preventing poor cybersecurity with the right metrics
Demonstrating how intertwined cybersecurity and wider business performance are, around three out of four people in C-level positions said that improving security would “greatly or significantly improve company financial performance”.
“Financial success, brand perception, business continuity and company reputation now all hinge on security performance,” said Tom Turner, CEO, BitSight.
“But in order to effectively manage performance, you have to measure it. We think this study should serve as a wakeup call for security leaders and their executives and boards to take a close look at their strategies for security performance measurement and reporting – after all, their businesses are now on the line.”
The survey also laid bare the importance of measuring security performance in a way that provides practical value. While 63% said they had introduced metrics, four out of the top five “lack context and paint an incomplete picture of security performance”.
This included metrics such as the number of malware incidents blocked and the number of data loss prevention incidents.
The study, titled ‘Better Security and Business Outcomes With Security Performance Management’, can be found here.