Customer retention in the face of ransomware attacks
Ransomware has dominated business press banners throughout 2020. In the last quarter of the year, it remains an even hotter topic.
Earlier this month, Forbes ran a story that showed the extent to which organised cyber crime dominates our business dealings today, with a headline revealing that “REvil ransomware gang offers $1 million as part of a recruitment drive”.
It is extraordinary to think that a criminal group can blatantly advertise the fact that they have deposited Bitcoin worth $1 million on a Russian-speaking hacker Web site as part of a drive to recruit members.
The article goes on to explain that posting to a forum on the dark web, the group announced it had deposited the sum to prove it had the financial means to employ new recruits. It also announced a preference for new affiliates who would be responsible for hacking organisations with ransomware.
This is where we stand in a world where ransomware can wound, or kill, any business through reputation damage and loss of customer loyalty. IDC emphasises customer loyalty as key to competitive ability going forward.
As far back as 2015, Forrester was highlighting protection of customer data, such as credit card information, login credentials and other personally identifiable information, to be one of the top priorities for both security and risk business leaders.
The Forrester report went on to emphasise that customer data protection is a source of growth and competitive differentiation. Customer data breaches and privacy abuses lead to significant short-term costs from the immediate breach response itself, as well as to long-term costs resulting from decreases in customer loyalty/retention and lost business opportunities.
Today's savvy consumer is armed with knowledge, the power of choice and the ability to switch quickly and easily and take their online business elsewhere.
Ransomware is a modern-day scourge with an ever-broadening threat landscape. The 2020 threat landscape has expanded to include intellectual property theft − essentially the competitive differentiator for any business − such as product innovations, financial and source code information plus trade secrets, etc.
The savvy consumer
In mid-year of this year, Arcserve-commissioned research revealed the unforgiving nature of the 21st century consumer/customer and how quickly and permanently purchasing patterns plus brand loyalty can change in the aftermath of ransomware attacks.
While the Arcserve research surveyed 1 998 consumers across North America, the UK, France and Germany, but not in Africa, there are immense lessons to be learned from these international trends.
Above all, complacency about consumer reaction to the theft of data would be a foolhardy approach for business owners.
Consumers surveyed made it clear that if businesses fail to protect their data from even one ransomware attack, no second chances will be given as they will take their business to competitors whom they perceive to be more security-oriented.
Today's savvy consumer is armed with knowledge, the power of choice and the ability to switch quickly and easily and take their online business elsewhere. The Arcserve report highlights that consumers, driven by their desire for instant gratification, are increasingly transacting business online, but cautiously.
Nearly three-quarters of the consumers surveyed said they didn't believe organisations were adequately protecting their data. The report further found that 93% of the surveyed candidates carefully weigh up how trustworthy an organisation may or may not be, before choosing to do business with them.
This level of caution in turn reflects in buying patterns and of course, on bottom line − it can end up decimating it. So, it's clear that cyber attacks weigh heavily on the consumer mind.
The antithesis is that protecting customer data from ransomware can boost the bottom line, as reflected in the survey, which showed that more than four out of every 10 consumers would be willing to pay more for products and services on the basis of their belief in the supplier's ability to reliably secure their data.
Moreover, it reports that figure jumps to five in 10, or more, for some industries such as banking
and securities − this translates into a significant business opportunity.Gartner reported at its Security & Risk Management Summit that the average cost of a ransomware payment in the first quarter of 2020 was $178 254, which at today's exchange
rate is approximately R2 885 442. This figure does not include downtime cost which when factored in the figure can end up five to 10 times the ransom amount.So, should you pay the piper?
The same summit advises that paying blackmailers to get data back does not necessarily mean you will get 'all' of it back, saying you need to decide if it's worthwhile paying the criminals to get the decryption key to data versus recovering it from backups and other tools you may have available.
The latter, if correctly strategised with specialist advice, is unquestionably a better route to take. Data is the building block of our digitised society − the pressure is now on businesses to equip themselves with the right level of protection.
Business leaders need to think past the cost of said protection and move their mindsets to the cost to the enterprise of lost data, customer loyalty and depressed revenues.