In a recent IT Business article I made the case that security ROI is a calculation that should not be rocket science, considering the cost of security failures. In fact, customer trust, like sensitive information, is an intangible quantity, and it increasingly makes a difference in the business world.
Have you seen the numbers?
- 94% of businesses claim to have never suffered a breach.
- 77% are convinced they have sufficient protection against breaches.
- 42% are not concerned about exposing sensitive data.
What is the magnitude of the risk?
- Out of $1 trillion in cybercrime losses last year, Canadians lost over $3.1 billion.
- 69% of businesses have suffered security/privacy breaches.
- 49% lost customers as a result of breaches.
- 72% said that external security audits are required, but
- 66% failed to complete any risk assessment last year.
What do companies want?
- 65% say they need a report to show they've been audited.
- 24% have never undergone any kind of security or privacy analysis, citing budget constraints, productivity loss and lack of awareness.
- 55% of those audited found that they were not actually protecting their sensitive data and need to improve.
Not all of these numbers are ours. Some are derived from U.S. studies that, if anything, make them look better than they currently are north of the border. But as Target can verify after witnessing a 46% drop in sales this past quarter following their holiday season breach, customer trust and loyalty are as liquid and slippery a substance as the intangible data lost as a result of breaches.
Additional note: As Bell Canada and others have indicated in the past, not all breaches are due to failures in their own security. Some can be blamed on suppliers and vendors. In such cases, companies should help those 3rd parties seek compliance and patch up their holes by recommending independent risk assessments.