Employees introduced 27% of third-party cloud applications in today’s enterprises, unbeknownst to IT security, according to the 10th Annual Cisco Cyber Security Report. Bryant G. Tow, Managing Partner of CyberRisk Solutions, shared that these applications can be anything from a mortgage calculator to a file-sharing application such as Dropbox.
“These applications are allowed because they look like web traffic,” Tow explained. The problem? If a breach occurs because an employee introduces an application, the responsibility falls on the company, not the employee.
According to the Cisco Cyber Security Report, those breaches cost companies a significant amount of money. In fact, more than one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20%.
A highlight in the report that Tow says is consistent with what he sees in his work on cyber security is that four in 10 companies said losses were substantial and explained that insurance companies many times won’t pay for those losses if the action to release the malware or cause the breach was taken internally. That means that if your employee introduced the breach through use of a malicious application, for example, insurance might not cover it.
He went on to outline and explain the four categories of loss as: Foregone Revenue, Ancillary Payments Related to the Loss, Lability Losses, and Reputational Damage — for which there is no measurement.
The Cisco Cyber Security report backs up Tow’s assertion regarding reputational damage, showing that more than 50% of organizations – from small-to-medium businesses to enterprises – faced public scrutiny after a security breach. These companies reported that operations and finance systems were the most affected, followed by brand reputation and customer retention. For organizations that experienced an attack, the impact was substantial:
- 22% of breached organizations lost customers — 40% of them lost more than 20% of their customer base
- 29% lost revenue, with 38% of that group losing more than 20% of revenue
- 23% of breached organizations lost business opportunities, with 42% of them losing more than 20%
Listen to Tow’s interview below to learn more.