Originally intended to come into play in 2015, the European
NIS Directive has yet to take its full shape, but its potential impact on UK
and European consumer confidence should not be taken lightly.
Cyber attacks are now commonplace in the news. Until now, European organisations have rested
safely in the knowledge that it is their American counterparts, and not they, who
are required to report security breaches and risk reputational damage as a
result. Whenever the NIS Directive comes
into force, be it this year or next, its requirements could cause catastrophic
damage to brand reputation, with customers voting with their
feet…or should we say, mice.
Recent surveys conducted at the end of 2014 put the
situation squarely into context. The
Sophos 2014 Retail Security Barometer states that 72% of 250 UK retailers
surveyed did not have fundamental security in place to safeguard business and
consumer data. The Web Application
Attack Report found that 48% of attacks target retail websites. At the same
time, a 2014 KPMG report states that 30% of respondents would not shop at a site
that had previously experienced a cyber attack if they had other options, and
38% said they would perceive a company in a negative light once it had
suffered a security breach. In a brave
new world where European companies will be required to report a breach, there
is a real and significant danger to brand loyalty and of negative revenue impact.
Yet this is not something new. While this problem is picking up pace, it has
been around for a long time. So why, if you look at the retail sector alone, are
40% of retailers acknowledging that they ‘don’t know why’ they haven’t
implemented basic cyber security measures?
The head-in-the-sand approach no longer cuts it. It’s not a question of
‘if’ but ‘when’, particularly when only 31% of retail organisations have any
network protection beyond a firewall.
It is easy to point a finger at the retail sector and e-commerce
sites, whose consumer data and payment details are obvious nectar for
the cyber criminal. All businesses are
at risk. Dealing with businesses from
every vertical sector on a daily basis, we can vouch that the state of
unreadiness for cyber attack is not restricted to the retail sector alone.
The question remains: what value do you place
on reputation and customer loyalty, and what measures do you need to take to
shore up your defences?