In the last week alone, there have been two major ransomware attacks in the state of Maryland. The first ransomware attack shut down Baltimore County Public Schools for three days. The second, unrelated attack prevented medical professionals at the Greater Baltimore Medical Center (GBMC) from accessing patients’ medical portals. Now, these organizations are left attempting to salvage both their cybersecurity systems and their reputations. Email notices have gone out to their respective students and medical clientele, notifying them of any possible data leaks and how they are managing the situation.
Cyberattacks’ Impact on Reputation
Cyberattacks have a tremendous impact on an organization’s reputation. According to Varonis, 80% of consumers will not use a business that was a victim of a breach. Additionally, 85% will tell others of the incident, showing that even if a person is not a victim of the breach, they will still be aware of the organization’s breach and potentially not use it.
Measuring the Damage To Reputation
One of the most difficult measurements in cybersecurity is the damage to your organization’s reputation. After all, reputation can be equated to a number of different factors within an organization. However, we can most easily see the damage to reputation by looking at publicly traded companies and their stock prices. For example, in 2014, Target’s stock fell 11% after the retailer announced that it was a victim of a data breach. Over 70 million people and 40 million accounts were exposed, which resulted in $61 million in related costs and a public relations nightmare.
Small businesses were the most targeted group for data breaches in 2019. If you are the owner of a private organization, you are probably left wondering what to do in the event of a cyberattack and how to measure the damage to your reputation. Of course, there are tangible items that can be measured—legal liabilities, customer relations, regulatory compliance costs, technical recovery costs, etc.—but your organization’s overall reputation can take months, if not years, to recover.
Managing Reputation After An Attack
The steps your organization takes after a cyberattack can make or break its reputation. The following weeks and months are crucial to gaining back the trust of your clients. There will be a large increase in calls and messages from your customers and partners to determine how their Personally Identifiable Information (PII) will be protected in the future. If your answers are not properly thought out and clearly defined, they could push your customers and partners further away. When dealing with damage control, it is imperative to be clear and open regarding the corrective action plans; this shows everyone that the organization is not hiding additional issues and is being as honest as possible.
The best path for each organization is to prepare for the likely outcome of a breach by developing a comprehensive Incident Response Plan while running through tabletop exercises to test it. Each tabletop exercise should test different business components and identify gaps in the plan so they can be mitigated. This helps test the organization’s readiness along with the supporting components of the IR Plan, such as recovery sites and vendor responsiveness.
If you have questions about cybersecurity and how to safeguard your reputation, contact us. Slate Enclave is the trusted partner for custom security solutions, tailored to your business. Our team performs audits for organizations to determine where their security systems are deficient and how to mitigate these deficiencies.