Through cyber attacks on large companies and SMEs: Around 75 percent fear a loss of reputation (SMEs 74 percent) through an attack, but not even 10 percent protect their assets for this reason. This can quickly cost reputation and customer trust.
The Kaspersky study shows the discrepancy: the top 3 reasons for protective measures do not match the top 3 feared effects. The most feared damage is financial impact and loss of reputation and customer trust. However, the main reasons for cybersecurity measures are to protect business continuity, data and customers.
Reason for protection and effects differ
The main reasons for implementing cyber protection measures in companies in Germany have little to do with what IT decision-makers actually fear in the event of an attack. This is the result of a recent Kaspersky survey. While most decision-makers choose cyber security measures to protect their data and customers and ensure business continuity, many neglect their gut feeling, which is primarily concerned with financial damage, loss of reputation and loss of customer trust as the possible effects of a successful cyber attack.
Both small and large companies are increasingly affected by cyber attacks. A quarter (26,0 percent) of medium-sized and almost two-thirds (59,3 percent) of large companies in Germany were confronted with more attacks in the past twelve months. Successful attacks can have many effects on the company, as well as on customers and partners.
Fear of losing customer trust
Almost 75 percent of all decision-makers in companies in Germany (74,0 percent in SMEs and 75,9 percent in large companies) assume that customer trust will be lost if attacks are successful. In addition, 64,0 percent of medium-sized and 80,7 percent of large companies are sure that their reputation would suffer as a result.
Furthermore, the majority (66,0 percent of the small and 72,4 percent of the larger ones) are concerned about legal consequences resulting from the GDPR, for example, and about an interruption in production (52,0 percent of SMEs and 71,0 percent of large companies). This sometimes affects the delivery of defective products; 44,0 percent of small companies and 62,8 percent of large companies fear exactly this.
Finally, all of this could have an additional impact on the relationship with partners and doing business with them. Losing business partners should their own network be successfully attacked is something that 60,0 percent of small companies fear – as does 73,8 percent of large companies. Three-fourths of all large (75,9 percent) and small companies (72,0 percent) expect related financial effects.
Discrepancy: heart versus mind
While decision-makers are aware of the consequences of a successful supply chain attack, they have other reasons for wanting to protect themselves and their partner companies. The main reasons companies have taken cybersecurity measures include:
- Protection of one's own company: 26,0 percent of medium-sized and 25,5 percent of large companies
- Protection of customers: 20,0 percent of medium-sized and 15,9 percent of large companies
- Protection of data: 36,0 percent of medium-sized and 27,6 percent of large companies
Only a small proportion see the protection of supply chains and partners (2,0 percent and 11,7 percent, respectively) and reputation (6,0 percent and 9,7 percent) as good reasons for security measures.
The supply chain is still not in sight
"Loss of reputation, delivery of defective products or even an interruption in production - all of these ultimately have financial effects that can damage the company," explains Waldemar Bergstreiser, Head of B2B Germany at Kaspersky. “In the worst case, companies have to reckon with a drop in sales and a loss of trust on the part of current partners and customers. However, there is a disconnect between the feared impact and the main reasons why decision makers ultimately take cybersecurity measures.
Based on our survey numbers, decision makers should trust their gut instincts and protect what worries them the most. It is best to take a multi-layered approach to cybersecurity that includes both technical solutions and expert services - for example, employee training, as cybersecurity awareness, should not be neglected."
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/