Woburn, MA – November 30, 2020 — According to a Kaspersky report, SMBs that decide to voluntarily inform their stakeholders and the public about a breach, on average, are likely to lose 40% less than their peers that saw the incident leaked to the media. The same tendency has also been found to be the case in enterprises.
Failure to suitably inform the public about a data breach in a timely manner can make the financial and reputational consequences of a data breach more severe. Some high-profile cases include Yahoo!, who was fined and criticized for not notifying their investors about the data breach it experienced, and Uber’s fine for covering up an incident.
Kaspersky’s report, based on a global survey of more than 5,200 IT and cybersecurity practitioners, shows that organizations that take ownership of the situation usually mitigate the damage. Costs for SMBs that disclose a breach are estimated at $93k, while their peers that had an incident leaked to the media suffered $155k in damage. The same is the case for enterprises: those that voluntarily inform their audiences about a breach experienced less financial damage (28%) than those whose incidents were leaked to the press – $1.134 million compared to $1.583 million.
In North America, around half (48%) of businesses revealed a breach proactively. 27% of organizations that had experienced a data breach preferred not to disclose it. A quarter (25%) of companies tried to hide the incident, but saw it leaked to the media.
The survey further proved that risks are especially high for those companies that couldn’t immediately detect an attack. 29% of SMBs that took more than a week to identify that they had been breached found the news in the press, which is double those that detected it almost immediately (15%). For enterprises, these figures are similar at 32% and 19% respectively. In the U.S. and Canada, 39% of those who proactively disclosed a breach said they reported the breach almost immediately, while 48% said it took up to a week, and 50% said it took over a week to disclose.
“Proactive disclosure can help turn things around in a company’s favor, and it goes beyond just the financial impact,” comments Yana Shevchenko, senior product marketing manager at Kaspersky. “If customers know what happened firsthand, they are more likely to maintain their trust in the brand. In addition, the company can give its clients recommendations on what to do next so that they can keep their assets protected. The company can also tell their side of the story by sharing reliable and correct information with the media, instead of publications relying on third-party sources that may depict the situation incorrectly.”
To reduce the chance of suffering damaging consequences from a data breach, Kaspersky recommends that businesses follow these recommended actions in advance:
To read the full report, please visit the link.