Cyberattacks and the Long-Term Consequences When news breaks of another major cyberattack, it usually focuses on how much customer data was stolen or how much initial money was lost. However, there are other long-term negative effects you don’t hear about as often in the news. Why? Because these effects develop more fully after the news and buzz has died down. In honor of Cybersecurity Awareness Month, here are some of the longer-term consequences that cyberattacks and breaches have on targeted organizations. Revenue Impact While there is an initial loss of money right when the cyberattack happens (especially if it’s ransomware) there’s also a lasting revenue impact, which results from lost opportunities and customers. While some of the more long-term effects can be difficult to calculate, Microsoft reports: 29 percent of organizations that suffered from a breach lost revenue, and 38 percent of those organizations lost more than 20 percent. 23 percent of organizations lost business opportunities, and 42 percent of those organizations lost more than 20 percent of new business. 22 percent of organizations lost customers, and 40 percent of those organizations lost more than 20 percent of current customers. Another study revealed that initial costs from a cyberattack are only responsible for less than 10 percent of the total revenue impact to an organization over a five-year period1. This means that 90 percent of the revenue impact comes from unexpected areas, such as business disruption, loss of property, and a devalued reputation. The study goes on to list 14 areas of impact and costs that a cyberattack can cause: Technical investigation Customer breach notification Post-breach customer protection Regulatory compliance Public relations Attorney fees and litigation Cybersecurity improvements Insurance premium increases Increased cost to raise debt Impact of operational disruption or destruction Lost value of customer relationships Value of lost contract revenue Devaluation of trade name Loss of intellectual property How do you prevent these things from happening to your organization? That’s what the next section is all about. Effective Cybersecurity Strategies To avoid these negative outcomes, it’s essential to have the right security in place. Here are some long-term cybersecurity solutions and strategies to keep your organization protected. Layered Security: Technology, People, Processes Technology services such as anti-virus, firewall protection, network monitoring, and wireless security are layers of defense to give you state-of-the-art protection. Having a network that is protected behind a firewall and an elaborate network architecture is becoming a necessity, and can be the difference between being hacked and being secure. Unified Threat Management is an effective and comprehensive approach to security that many organizations use. It includes a variety of technology services and tools (such as those listed above) to provide data security. Creating a culture around data security can also help prevent a lot of breaches. One way to start is to make security awareness training a mandatory event for all employees. This training should not only show employees the different kinds of cyber and social engineering attacks, but also show them how to recognize and avoid the attacks. You should also have a data security policy in place. A data security policy should be used to define approved methods to securely transfer or share data and define restricted methods to help stop the use of unsupported or unsafe services and applications. They should include information about email policies, mobile devices, social networking, and internet usage. These policies should be documented, communicated (multiple times), enforced, and periodically reviewed and updated. Many organizations leverage third-party experts for managed security services because it provides more time for internal resources to focus on core business functions and initiatives. With a managed services provider proactively monitoring your network and patching your applications, your organization can realize efficiency and productivity gains among internal staff. Encrypt Your Data To ensure maximum protection, it’s best practice to encrypt your data while in transit and at rest. Encryption renders information unreadable when accessed without proper authorization. Having a process in place to ensure sensitive devices are encrypted and files and emails are being properly sent is imperative. Although data and money are usually the two things that cybercriminals target, the consequences and long-term ramifications are just as crucial to prevent from happening to your organization. That’s why ensuring you have the right security in place is so important. Is your organization prepared for a cyberattack? 1. Deloitte. Shane Kos Shane Kos is an Account Executive with Aureon Technology. Shane has worked at Aureon for 20 years, as both an account executive and previously as a network engineer, helping clients to manage, secure, and enhance their computer networks. His passion is providing excellent customer service and making IT management easy for his customers.