Imagine, for a moment, that Jane, a young executive working for ABC in New york City, has just purchased herself a brand-new Mac (price: $5,000). And that Jane has willingly shared her credit card number with Amazon, allowing them to charge her for the purchase. In an age of increasing online marketing, this type of transaction is commonplace – so commonplace, in fact, that “Retail e-commerce sales worldwide are forecast to more than double between 2018 and 2023, surpassing 6.5 trillion U.S. dollars in 2023” (bit.ly/cyberstatistics). It’s expected, then, that Amazon, or ecommerce company, should keep your personal information, such as your address, name, and card number, secure. After all, what type of rapport would they build with their customers if the data that you entrust them with were compromised? The world of online sales, as opposed to in-person transactions, revolves almost entirely around the trust a customer places in a company. Three striking examples of this disparity are the infamous Sony, Target, and Home Depot breaches. Respectively, each breach cost the companies $35, $105, and $28 million. Furthermore, “the now infamous Sony Hack (widely attributed to North Korea’s attempt to block the release of the film The Interview) ended up costing the company about $35 million, less than 2% of the company’s projected annual revenue for 2014” (bit.ly/sonysecurity). Being as large as it is, 2% of Sony’s annual revenue is an incredibly large amount of money, and losing it dealt Sony quite a blow.
According to a study done by the Clark School of Engineering at the University of Maryland, there is a hacker attack every 39 seconds on average – affecting one in three Americans every year (bit.ly/attackstatistics). And those are just the attacks on record. Thousands of unrecognized, smaller-scale breaches happen every year. For the paying customer, this already looks grim. But how does cybersecurity affect businesses themselves? In a market saturated with online startups, retailers, and corporations, cybersecurity has become an increasingly large issue. Breaches affect every aspect of online transactions, from banking to Bumble, and whether it’s thousands of dollars or one line of code, any compromise in data security can wreak havoc on a business, especially a small one. In fact, a recent statement released by Verizon, the current largest cell carrier in the United States, with 34.91% market share, (bit.ly/cellcarrierreports), states that an alarming 61% of data breach victims are companies with less than 1000 employees (bit.ly/cyberstatisticss). Cybercriminals, it seems, prefer smaller, less protected businesses over large companies such as Microsoft or Apple. However, just because smaller businesses are targeted at a higher rate, doesn’t mean larger companies don’t get their fair share of breaches.
Perhaps the most devastating effect of continuous cyberattack is the stain it can leave on a company’s reputation. Though Amazon may bleed a decent amount of money over small attacks, their real loss is the change in their position in the market. Every month, thousands of people log onto the site, browse products, and purchase them remotely, trusting the security of their information to the company. In fact, Amazon receives roughly 200 million visits per month (bit.ly/amstatistics). To put this into perspective, that’s larger than the population of Russia. Now, let’s revisit the thought experiment begun earlier. Jane has just purchased something wildly expensive, perhaps something that she is in desperate need of. Several hours later, she receives an email from Amazon, stating that there’s been a data breach and that their information may have been compromised. Maybe Jane doesn’t understand what exactly that means, but her heart fills with dread nonetheless. As it should. In fact, the amount of information that cybercriminals can steal from her online is considerably more than what they could take from her in- person. If someone were to steal her credit card, for example, she would quickly notice, and call the bank to cancel it. However, if Jane’s card n umber is stolen online, it could be months before she even realizes, and by that time it’s impossible to know with whom that number, not to mention the other information on the card, has been shared. According to CNBC, card-not-present fraud – fraud that takes place online rather than in-person, “increas[ed] 40 percent compared to 2015. Account takeover fraud — where thieves used stolen login information to access a consumer’s accounts — rose 31 percent, and instances where fraudsters opened new accounts in a consumer’s name were up 20 percent. In all, thieves stole $16 billion, nearly $1 billion more than in 2015” (bit.ly/onlinefrauds).
Consequently, Jane would rightly no longer use Amazon, and she would likely write a negative review online. Such reviews can have major impacts on company reputation and policy. For example, “Netflix endured some serious backlash last year when it planned to raise its subscription fees by $6 without making a single service upgrade. Criticism from consumers and the media grew so strong that the company backed away from its decision” (bit.ly/consumereffects). Just a couple reviews can have a butterfly effect, rippling outwards throughout the media, and forcing companies to listen to the consumer. If a company does not take action, it’s value can be severely compromised. In fact, for publicly traded companies on the stock market, “share prices fall 7.27% on average after a breach, hitting their low point 14 market days after” (bit.ly/cyberstocks). Of course, the loss of one or two customers won’t hurt a company at all, but unfortunately, data breaches often affect much larger groups of people.
Another issue with continuous failure in cybersecurity in terms of reputation is the growing amount of bad press a company receives. After the Sony breach, for example, the company’s stock dropped 10% in one week, and according to (money.cnn.com), “there[were] also some questions about whether some A-list celebrities [would] want to work with Sony again after having Social Security numbers and other important information leaked.” One or two small-scale breaches may not be much of an issue, but as soon as a large breach occurs, one that either affects a substantial amount of people or involves a substantial loss of assets or information, a company’s reputation can be completely decimated. After such an attack, articles would be released citing the company for their lack of cybersecurity, and while many of these articles may fly under the radar, it’s almost guaranteed (the bigger the attack the better the chance) that one or two will find their way to the top of a major search engine, such as Google or Bing. When this happens, anyone who clicks the name of your company, or anything affiliated with it, into a search engine, they will be bombarded with aforesaid negative articles and reviews. Furthermore, people tend to read such reviews rather than forming their opinions about a company. Roughly 86% of online shoppers will read reviews before committing to a purchase, says brightlocal.com (bit.ly/reviewstatistics). In addition, according to a New York Times article, “in 2016, the Pew Research Center found that 82 percent of American adults say they sometimes or always read online reviews for new purchases. And more than two-thirds of regular review readers believe that they’re “generally accurate.” Additionally, people associate more value with negative reviews than with positive ones. The same article goes on to state that, “there are many more positive reviews online than there are negative ones, studies show, which creates a scarcity of negative reviews that we associate with value. (bit.ly/cyberpsychol). Thus, even if your company’s search page has one negative review and ten positive ones, the negative one is often enough to drive away customers. Maintaining a positive image, therefore, is vital to the success of online businesses, and cybersecurity ties directly into that image. Just the same as a bank must be secure and near impossible to break into, so too must a website be secure in its storage of personal data, or else its reputation will plummet. Nobody would entrust their cash with a bank that had no walls, and in that vein any online company with faulty cybersecurity is doomed to fail.
Aside from customer rapport, compromised security has a highly negative effect on shareholder confidence. Obviously, nobody wants to fund a floundering enterprise, and a major data breach can oftentimes create a domino-like effect, wherein the customers lose confidence, the company loses money, and as a result the investors lose faith and pull out. Since investment is built on faith in the success of an enterprise, any sort of failure in cybersecurity will have the double effect of ruining the customers faith in the business, which in turn ruins the investors faith in the business. This creates a vicious cycle, because when an investors’ faith in a company decreases, so too do the assets provided to the business. The less money a business can count on from investors, the less likely it is that they will be able to protect themselves from future attacks. According to (bit.ly/stakeholdertrust), “Loss of customer and stakeholder trust can be the most harmful impact of cyber crime, since the overwhelming majority of people would not do business with a company that had been breached, especially if it failed to protect its customers’ data. This can translate directly into a loss of business, as well as devaluation of the brand you’ve worked so hard to build.” In such a situation, a company’s stock prices will take a nosedive, essentially ruining any chance of redemption that the company might have had. For example, “in an analysis of 65 companies affected by hacks since 2013, security consultant CGI and Oxford Economics found that the share prices of two-thirds of firms was adversely impacted, with financial firms the worst affected. In some cases, breaches have wiped as much as 15% off companies’ valuations” (bit.ly/consumertrustafterbreach).
It’s in this area that RsquareMedia operates so successfully. Since data breaches and negative reviews can ruin a company, businesses often employ media companies, such as this one, to provide them with online reputation management. In a nutshell, ORM is the practice of tailoring what a company wants their online image to look like, by both pushing negative reviews to the bottom of the search engine, and elevating the positive ones to the top. In order to check the reputation of anything today, whether it’s a restaurant or an online retailer, most people are satisfied with a simple Google search. Therefore, by customizing a search page to project a specific image, successful reputation management can turn a business from one star to five stars, simply by moving around information.
In such situations, as many companies have found themselves, there comes a time when their security has been compromised past the point of no return. That line is different for every business, of course, with larger companies standing with more to lose than smaller ones, but regardless there is a point of no return for every competitor in the market. At this point, a business will have lost so much, whether it be in assets or data, that risk management no longer becomes the key issue – rather they begin to focus on risk limitation. Their reputation already compromised, most companies that have fallen victim to continued cyberattacks can do is try to mitigate the pre-existing damage, instead of preparing for future crises.
However, there is hope for the future. As cyber criminals become more talented, so too do encryption keys and other methods of cybersecurity become more advanced. The risk of data breaches has not impeded many people from entrusting the internet with some of their most precious information, and this is the case for a reason. In order to better understand the threats that they face, companies have begun to employ previous cyber criminals. According to Matan Or-El, co-founder and CEO of Panorays, businesses have already started to “assess their cybersecurity as seen from the hacker’s point of view” (bit.ly/cyberfuture). In this way, companies can get a better sense of how to defend themselves, which will hopefully decrease the amount of successful cyberattacks in the future of online markets.