By Dominic Chorafakis, P.Eng, CISSP – November 12, 2019
Businesses spend a lot of money building and maintaining their reputation. Recent information from the Business Development Bank of Canada (BDC) indicates that Canadian small business marketing costs average just over $30,000 a year, while those with 20 to 49 employees spend twice that amount. Companies with 50 or more employees tend to have marketing budgets in excess of $100,000. Unfortunately, many businesses fail to protect this investment and make the costly mistake of damaging their reputation by not protecting their business and client data.
Clients view their information as extremely valuable and expect companies that have it to protect it. They not only expect it, but also have legal rights that allow them to push back on organizations that don’t follow the rules. As of November 1 2018, the government of Canada has made changes to its Personal Information Protection and Electronic Documents Act (PIPEDA) requiring all organizations that hold personal information to report any significant data breaches.
The value of your reputation
The immediate business costs and disruptions caused by a data breach can be painful, but what is often more impactful and long lasting is the loss of customer trust and erosion of the company reputation. According to the IBM Ponemon Institute, 36% of the cost of a data breach comes from the loss of business stemming from loss of customer trust after a cyber incident. The message is clear, if you don’t value a customer’s information enough to protect it then you don’t value their business. A recent Verizon survey on Customer Experience found that 29% of customers would never do business with a company again if they were personally affected by a data breach.
Think about the impact that data breaches have had on a larger corporation like Marriott Hotel which lowered the company’s revenue by three million dollars following its 2018 data breach announcement. While large corporations have extensive resources and deep pockets that allow them to ride out the storm and slowly build back their reputation, small-to-mid sized businesses (SMBs) are not often not equipped with the knowledge, resources, or budget to build back customer trust which can result in an unrecoverable loss to their reputation and revenue.
Reduce your company risk
To stop your company from experiencing these damages, it is essential that you have rigorous control over the personal and client data that you handle. Avoid the all too common mistake that SMBs make of thinking that they are too small for hackers to care about. At a recent Cybersecurity For Business Leaders event in Toronto, Robert Gordon, executive director of the Canadian Cyber Threat Exchange (CCTX) stated that “Attackers will often go after a small business as an entry point to a larger target.”
Educate yourself and your staff about the risks, prepare your business with the tools needed to protect your data and finally adopt a managed cyber security service that can help identify vulnerabilities and improve security to catch threats before they become an issue. Protecting your company and clients data from cyber threats is a business imperative, your company’s reputation and viability depends on it.