NIS Directive: Cyber Attacks & Consumer Confidence – How Would you Fare?

Originally intended to come into play in 2015, the European NIS Directive is yet to take its full shape but its potential impact on UK & European consumer confidence should not be taken lightly.

Cyber attacks are now commonplace in the news.  Until now European organisations have rested safely in the knowledge that it is their American counterparts and not they who are required to report security breaches and risk reputational damage as a result.  Whenever the NIS Directive comes into force, be it this year or next, its requirements could cause catastrophic damage to brand reputation resulting in their customers walking with their feet…or should we say, mice. 

Recent surveys conducted at the end of 2014 put the situation squarely into context.  The Sophos 2014 Retail Security Barometer states that 72% of 250 UK retailers surveyed did not have fundamental security in place to safeguard business and consumer data.  The Web Application Attack Report found that 48% of attacks target retail websites and at the same time a 2014 KPMG report states that 30% of respondents would not shop at a site that had previously experienced a cyber attack if they had other options, and 38% said they would perceive the company in a negative light once they had suffered a security breach.  In a brave new world where European companies will be required to report a breach, there is a real and significant danger for brand loyalty and negative revenue impact.

Yet, this is not something new.  While this problem is picking up pace, it has been around for a long time, so why, if you look at the retail sector alone are 40% of retailers acknowledging that they ‘don’t know why’ they haven’t implemented basic cyber security measures?  The head in the sand approach no longer cuts it, it’s not a question of ‘if’ but ‘when’ particularly when only 31% of retail organisations have any network protection beyond a firewall. 

It is easy to point a finger at retail sector, e-commerce sites with their consumer data and payment details that are obvious nectar for the cyber criminal.  All businesses are at risk.  Dealing with businesses from every vertical sector on a daily basis we can vouch that the state of unreadiness for cyber attack is not restricted to the retail sector alone.  

The question remains, what value do you place on reputation and customer loyalty and what measures do you need to take to shore up your defences?