A global Kaspersky survey shows: SMEs suffer 40 percent fewer losses through proactive communication in the event of a data protection breach. For example, large companies make 28 percent less loss through voluntary reporting. Only 46 percent of companies proactively detect data breaches. 24 percent of the disguised cases leak to the media.
Organizations that deal quickly and transparently with data breaches suffer less damage, both economically and in terms of their reputation. According to a new Kaspersky report, small and medium-sized enterprises (SMBs) that voluntarily inform their stakeholders and the public about a data breach suffer on average 40 percent less financial damage than companies where such information leaked to the media unintentionally. The same tendency can also be observed in larger companies - with 28 percent fewer losses.
Data breach: benefit from openness
Failure to provide timely and appropriate information to the public of a data breach can exacerbate the financial and reputational consequences of a data breach. One of the most famous cases is Yahoo! The company was fined and heavily criticized for failing to inform its investors of the incident. Uber was also fined for covering up a compromise.
The Kaspersky report, which is based on a global survey of more than 5.200 IT and cybersecurity experts, shows that companies that take responsibility in such situations and act transparently mitigate the damage to their own company. For example, the cost to SMBs who disclose a data breach is estimated at $ 93.000, while competitors whose incidents became public through the media suffered an average financial loss of $ 155.000. The same goes for large corporations - those who volunteered to report a breach suffered less financial damage ($ 1,134 million) (28 percent) than corporations whose incidents leaked to the press through other channels. For the latter, the financial loss was $ 1,583 million [4].
46 percent act proactively - 24 percent disguise
In general, according to the Kaspersky study, only about half (46 percent) of companies - regardless of their size - proactively uncovered data protection breaches. Almost a third (30 percent) of the companies preferred not to disclose them. Almost a quarter (24 percent) tried to cover up such an incident but saw the information leak to the media.
The survey also shows that the risks are particularly high for those companies that were unable to detect an attack immediately - 29 percent of SMBs that took more than a week to detect a compromise ended up in the media. For companies that registered a cyber attack immediately, the figure was just half (15 percent). For larger companies, the differences are similarly high at 32 and 19 percent, respectively.
Turn things in favor of your own company
“Proactive disclosure of data breaches can help turn things in your organization's favor – and that goes beyond the financial impact. When customers know firsthand what happened, they are more willing to maintain their trust in the brand. Also, the company can provide its customers with recommendations on what to do next so they can protect their property and assets. The company can thus present its point of view by providing reliable and correct information to the media, instead of publications relying on third-party sources that may misrepresent the situation,” comments Yana Shevchenko, Senior Product Marketing Manager at Kaspersky.
More on this in the blog at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/