54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

PRESS RELEASE

Maidenhead, UK, Oct. 26, 2022 — Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cybersecurity technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in.

The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

"The immediate financial cost of a cyber-attack remains the number one concern for businesses," said Brendan Kotze, CEO and Co-Founder at Encore. "But security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers."

Almost half (41%) of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Kotze believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

"There is a very real problem of security feeding a false sense of confidence," he continues. "This is a risk that must be addressed through data and reporting. All too often, we see C-level executives treat their security investments as a sure way of securing their business against persistent and motivated attackers. Security or being 'Cybersafe' is not something you can measure at a single point in time – it needs to be an ongoing effort."

Kotze concludes: "Being able to instil confidence in a wide range of stakeholders, from clients to investors to staff, is fundamental to the modern business. Trust is the bedrock of success and should be the same for security as it is as a business enabler. If all companies prepare and respond to threats as if their existence (or at least a very substantial part of it) is at risk, our chances of blocking or swiftly responding to attacks is considerably higher. Cybersecurity is no longer enough; we need to channel Cyber Safety to build resilience and establish trust both internally and externally."

To further explore the true cost of cyber breaches, please find the full research report here: https://www.encore.io/the-true-cost-of-cyber-ebook?utm_source=pr&utm_campaign=encore-cyber-ebook&utm_id=cyber-ebook

About Encore

With more than 25 years' experience providing professional services and cyber security consulting for the largest companies in the world, we brought this knowledge to Encore, the leader in internal and external cybersecurity (CAASM and EASM). Our team is comprised of offensive security experts and security engineers, and consultants that know the mindset and tooling of the attackers, the internal operational obstacles, the challenges faced by security management and how to get the most out of security tooling.

Encore visualises information that can be confusing and often overwhelming, providing accurate and action-based reporting and visibility across numerous security controls, through one secure portal.

For more information, or to get in touch, visit our website: https://www.encore.io