Many companies could be at higher risk of business insolvency due to a failure to prepare for the financial impact of data breaches, according to a report from Experian.
The credit reference agency notes the increasing prevalence of high-profile data breaches in the news, with companies of all kinds being targeted by hackers keen to uncover sensitive customer data, credit card details and so on.
Yet while three quarters of UK SMEs suffered some form of data breach last year, only 45% have a response plan in place, and 60% of these do not factor in the impact of customer remediation, while half fail to consider insurance or the cost of communications relating to the breach.
Jim Steven of Experian said: “Our study has uncovered an ‘it’ll never happen to us’ attitude among Britain’s most vulnerable businesses. While it’s understandable that smaller businesses may feel they lack the resource or expertise to prepare for a data breach, they are also the most vulnerable.
“Whether due to sophisticated cybercrime or basic human error, the true cost of a breach is far worse than companies are imagining, and for small companies especially, businesses need to ask themselves whether their business could survive if two thirds of their customer base were to disappear overnight.”
Half of the SMEs who had no plan in place said it wasn’t a priority, while 40% simply did not believe they are at risk of data breaches – and for 20% the cost of producing a plan is a barrier to doing so, which perhaps raises concerns even further that those one in five might be particularly likely of facing business insolvency, if they are operating so close to their financial limits already.
Experian suggest five key points to include in a data breach response plan: legal and privacy obligations; public relations and media response; customer support and HR; coordinating with the police and regulators; and working with a resolution partner to recover from the breach.