Data breaches can take the better part of a year to identify and contain. Measuring expenses can be a painstaking and long-term process. Some figures may be a bit more obvious to track - for example, notification expenses, insurance costs, and loss of revenue due to shut down. What’s not always always clear is whether regulatory fines will be levied. Even more opaque is quantifying the hit to brand value. Two organizations are looking to shed some light on this last cost by studying the long-term impact breaches have on the value of the world's top brands.
Digital services and consulting firm Infosys recently released a cybersecurity and brand value impact report titled Invisible Tech. Real Impact. in partnership with global brand consultancy firm Interbrand. In it, they determined that data beaches can devalue the world's top 100 brands by as much as $223B.
“To quantify this risk,” as stated in the press release, “Infosys and Interbrand identified the brand factors most impacted when a company suffers a data breach - presence, affinity, and trust - and simulated the resulting brand value at risk in the event of a breach, using Interbrand's proprietary brand valuation methodology.”
According to the report, Technology Sector brands could suffer higher overall risk from data breaches with up to $29B of potential value at risk in certain cases versus Luxury brands, which were identified as having up to $2.4B of potential value at risk.
That said, brands in the Luxury Sector can face greater value at risk as a percentage of their net income (the report puts that number at up to 115% for one industry).
The report argues that indicators such as declining revenue and stock value may only represent a fraction of the impact a data breach can have on an organization. Interbrand’s valuations included brands’ financial performance, the degree to which the brand alone influences a purchase, and competitive strength.
A second, related study, titled Invisible Tech. Real Impact. The Industry View., takes a closer look at seven sectors, grouping brands within them by industry. The following table highlights some of the industries with the most to lose.
Infosys Chief Information Security Officer & Head Cyber Security Practice Vishal Salvi was quoted in the release as saying, "Cybersecurity for long was seen as a cost of doing business. However, in this digital age, where a company's reputation is based on its ability to protect customer data and establish digital trust, cybersecurity is becoming a business differentiator. Through this report, we bring a novel approach to quantifying the impact of a data breach to the brand value to help businesses understand and evaluate if the cybersecurity investments they are making are proportionate to the risk they face. It also reinforces the need for CISOs to engage with the board and build a robust governance ecosystem while employing a 'secure by design' approach to safeguard their brand value and reputation."
Invisible Tech. Real Impact. cites seven cybersecurity steps that should be taken to maintain customer trust:
- Instill a “culture of security”
- Ensure the CISO is empowered and has independence
- Invest in cybersecurity initiatives
- Be proactive
- Commit to governance via a security board or council
- Implement a cyber risk management framework
- Confirm supply chain security
SecureCloudDB is a key part of any cloud cybersecurity strategy that’s designed to protect data where it lives - in cloud databases. Our layered security approach includes Foundational and Operational Security, which ensures all database elements are identified and secured while empowering organizations to discover and mitigate threats in real time through Database Activity Monitoring and alerting. Avoid reputational damage and long-term monetary losses to brand value with SecureCloudDB. Sign up for a free trial today.