Of all the devastating consequences that can follow a cyber attack on a business of any size – from a ransom demand to being locked of your own IT systems – a loss of reputation and trust can be one of the costliest. What took years to build, a cyber attack can destroy in just days. According to Hiscox’s latest Cyber Readiness Report, six in 10 (61%) of business leaders surveyed believe the reputational fall-out from a cyber attack would “significantly damage their business”. It is why now, more than ever, businesses must prioritise not just the resilience of their operations when it comes to managing the cyber threat, but also the ability to safeguard their organisation’s reputation, particularly in the event of a successful attack.
Cyber attacks tarnish a brand’s image
The cyber threat continues to grow and evolve – driven in no small part by the explosion of new technologies such as generative AI – at a speed that often outstrips businesses’ own cyber defences. And for most organisations it is a case of ‘when’ not ‘if’ they become a victim of the hackers, with over two thirds (67%) of firms reporting an increase in the number of times they experienced a cyber attack in the past 12 months. The threat though, as organisations get better at combatting ransomware, has shifted from operational disruption, with hackers now more often targeting the theft of highly sensitive information to discredit organisations, erode their customers’ trust in them and tarnish their brand image. In effect, hackers – often organised crime gangs – are threatening businesses’ reputations with all the possible downsides for a firm’s future in terms of attracting new customers, potential partners and investors. Of the organisations surveyed by Hiscox that have experienced a cyber attack in the past 12 months, nearly half (47%) report greater difficulty in attracting new customers, 43% report losing customers and over a fifth (21%) have lost business partners. For these businesses, reputational damage has had a tangible impact on their revenue, future growth and for some even their viability could be at stake.
Build cyber resilience
That’s the bad news. The good news is there is plenty that businesses can do to make sure that a cyber attack does not threaten their reputation. Building up their cyber resilience can both minimise the risk of brand-damaging data breaches in the first place, while also helping to facilitate quicker incident recovery should the hackers get through an organisation’s cyber defences. Steps include making sure security technologies are kept up to date; improving employee awareness of potential threats that can come from hacker social engineering techniques which try to get employees to make security mistakes or give away confidential company information; and enhancing threat detection capabilities. It’s no surprise that business email compromise remains the most common point of entry for cyber attacks.
Another key pillar of developing and building cyber resilience should be the consideration of cyber insurance. Not only can insurance help to ensure an organisation quickly recovers from data breaches from an operational perspective, but a good cyber insurance policy will also provide access to the legal and public relations expertise that will help a business better manage its relationships with stakeholders to minimise any potential longer-term reputational fallout.
Reputation is everything
Preventing reputational damage should always be one of the key drivers behind an organisation’s cyber risk management plan – as it is for over a third (35%) of UK business leaders. Putting in sufficient resources to strengthen cyber security defences will pay dividends in terms of reducing financial losses in the event of a cyber attack but also in protecting and enhancing business reputations. With cyber hackers effectively holding their victims’ reputations to ransom, there is no business too big or too small that is not at risk of paying a heavy price through a poorly handled cyber incident.
