Key Data on Why Cybersecurity is Everyone’s Business
Cybersecurity is an emotional issue even for the toughest business executive – so much so that the fear of getting hacked may not be enough to override the fear of borrowing trouble.
It can be easier to think, “This won’t happen to us”. But it probably will.
“There are so many threat actors and so many vulnerabilities that relatively few leaders are willing to stick their heads out for fear that they’ll be chopped off if and when a breach happens,” surmises Scott Shackelford, cybersecurity program chair at IU-Bloomington. And as long as the threats remain abstract, as long as the attacks keep happening to someone else, it’s easy for executives to keep cybersecurity sequestered in the IT department.
Data can focus your executives’ attention on why and how to educate your entire organization on data security protection. Let’s start with a look at some numbers from the Federal Bureau of Investigation:
- CEO and executive fraud cost organizations more than $2.3 billion in since 2013. Reported incidents are up 270%.
- Business Email Compromise (BEC) scams increased 2,370% over a two-year period ending in December 2016. The average loss is $130,000.
- About 1 in 4 email wire transfer fraud targets actually wire the money.
Beyond the direct financial impact of cybercrime, there’s another layer of costs:
- It takes 3 hours to clean up a basic malware attack, according to Mimecast research.
- 46% of companies have experienced reputational damage and loss of brand value from data breaches, according to Forbes Insights: The Reputational Impact of IT Risk.
- The average loss of brand value after a cyberattack was between $184 million to $332 million, according to a survey research by Experian Data Breach Resolution and Ponemon Institute.
Threat awareness and cybercrime crisis management training is crucial, per the FBI.
In a recent PSA, the Bureau states: “Businesses with an increased awareness and understanding of the BEC/EAC (Email Account Compromise) scam are more likely to recognize when they have been targeted by fraudsters, and are therefore more likely to avoid falling victim and sending fraudulent payments. Businesses that deploy robust internal prevention techniques at all levels (especially for front line employees who may be the recipients of initial phishing attempts) have proven highly successful in recognizing and deflecting BEC/EAC attempts.”
Share this information with the C-suite to establish the true cost – in time and money – of cybercrime. Then you can make the case for creating an organization-wide prevention, awareness and training program for the entire organization.