Article

Small Business Data Breach: The Consequences of a Cybercrime Data Breach

WORLDPAY EDITORIAL TEAM

July 10, 2019

News stories about cybersecurity data breaches are sometimes difficult to avoid and even more difficult to digest. Data is increasingly valuable to businesses – especially data related to customers and payments.

Cyber criminals find that data valuable, too. Data that businesses rely on to serve their customers better is also the target of criminals to use fraudulently. That puts an uncomfortable target on the back of any business that accepts credit and debit card payments.

The 2021 IBM report discovered that data breach costs rose from $3.86 million to $4.24 million – the highest average total cost in 17 years. That’s a broad global statistic, but while fraud is on the rise worldwide, National Cyber Security Alliance found that 70% of all cyber-attacks target small and medium-sized businesses.

Small business owners need to grasp the consequences of a cybersecurity data breach to properly assess risk. Small businesses often mistakenly believe that they’re too small to be a target and don’t prepare. That lack of preparation creates vulnerabilities for criminals to exploit.

Running a small business requires the ability to understand, anticipate and guard against risk. Understanding risk requires a clear-eyed view of the consequences of a data breach.

So if you’re wondering, “What’s the likelihood of cyber-attack on my company?” – chances are you’re much better off being prepared. This short overview offers straight talk on the ramifications of a data breach for small businesses like yours.

Examples of cyber-attack strategies

Even small businesses have large amounts of valuable customer data. They may work with larger companies, too, becoming an entry point for a bigger attack. This makes small businesses attractive targets for a cyber-attack using some of the following schemes.

  • Malware (or malicious software) includes viruses and ransomware designed to damage a computer, server, client or computer network.
  • Viruses are harmful programs that spread computer-to-computer and other connected devices, giving cybercriminals access to a system.
  • Ransomware is a specific type of malware that can restrict access to a computer or system until a ransom is paid.
  • Phishing uses email or a malicious website to deceive a user, infecting the device with malware to collect sensitive information.

How are small businesses affected by cybercrime?


The short-term consequences: Fines, fees and frustration

If your business accepts credit and debit cards, you’re likely familiar with the chargeback process. In addition to processing legitimate customer issues, the chargeback process is also where the costs of fraud are strikingly clear. The immediate consequences of a cybersecurity data breach are less well known, but they can be every bit as damaging to your bottom line.

A host of direct financial consequences often fall directly on businesses in the wake of a data breach:

  1. Direct fines and fees.The Payment Card Industry Security Standards Council may impose fines and penalties because of a data breach. Additional fines may vary and come from both regulatory agencies and card network brands.
  2. Forensic investigations.One of the consequences of a data breach is that the business that was attacked will be responsible for performing a forensic investigation to determine the causes of the data breach. These investigations often yield valuable evidence and insights that help prevent future data breaches. In the short term, however, these investigations can be costly.
  3. Future security costs.Businesses that are the victim of a data breach may incur costs related to mandatory credit monitoring for customers whose data was compromised. Those remediation efforts may also include the costs of card replacement, identity theft repair and additional compliance requirements from the Payment Card Industry.

What about liability?

Although a business can be the victim of cybersecurity crime, it may also be held responsible for its failure to safeguard the sensitive customer information with which it has been entrusted. A business can be hit with civil liability if it didn’t take reasonable, precautionary measures for protection – or if it failed to respond in a timely and cooperative manner following a breach.

The long-term consequences: Loss of trust and diminished reputation

Perhaps the biggest long-term consequence of a cybersecurity data breach is the loss of customer trust.

Your customers share their sensitive information with businesses like yours assuming you have the proper security measures in place to protect their data. A 2017 PwC study examined consumer sentiment around cybersecurity and privacy risk reported that 92% of consumers agree that companies must be proactive about data protection.

A good reputation is often a company’s most prized asset as a business must work constantly to build and maintain the integrity of its brand. However, one compromising episode like a data breach can tarnish even the best of reputations. The PwC report found that 85% of consumers won’t shop at a business if they have concerns about their security practices.

However, businesses can and do recover from the consequences of a data breach. Yet the loss of trust and diminished reputations that data breaches cause can be measured directly on your bottom line. A 2019 Verizon study suggests that data security and privacy are essential to maintain customers. In fact, 69% of survey respondents would avoid a company that had suffered a data breach, and 29% of those surveyed would never visit that business again.

Perhaps it’s no surprise that an estimated 60% of hacked small businesses go out of business within six months of the breach.

Protection for prevention

Understanding the consequences of a small business cybersecurity data breach is an important first step on the road to safeguarding your business. The next step is creating an action plan so you can protect what you’ve worked so hard to build.

Worldpay from FIS is a payment technology leader that can help protect your business with secure transactions that minimize fraud and reduce risk. Connect with us today to learn how Worldpay can help your business reduce the risks of a data breach.