Being the victim of a ransomware attack can severely impact the way users and customers perceive your brand. When people know you have been targeted by hackers, they may choose to distance themselves (and their data) from your organization for months or years after the fact.
This is understandable behavior, and it’s difficult to control. Organizations have to report ransomware attacks to the authorities, and they’re obliged to inform users and customers about those attacks. Failure to do so leads to even more significant reputational damage on top of fines and legal consequences depending on your jurisdiction.
Every individual who entrusts your organization with their personal data – whether it’s their phone, credit card, or social security number – expects you to secure their data and do everything in your power to keep it out of the hands of hackers. They expect you to protect their confidentiality no matter how many millions of dollars it may cost. Breaking that trust carries long-term consequences that are difficult to quantify. Class action lawsuits are another risk facing organizations that fail to keep customer data secure.
The current trend towards double extortion attacks (where hackers demand ransoms from organizations and extort money from the individuals whose sensitive data they’ve stolen at the same time) makes reputation even more important. Your customers may be impacted by ransomware attacks even if your organization successfully avoids paying the ransom.
According to a PricewaterhouseCoopers report, almost nine out of every ten consumers say they’ll take their business elsewhere if a data breach occurs. People are cognizant of security risks and will take decisive action if their needs are not met.
The way your security team addresses ransomware risk is an important part of your brand’s core values. If your customers believe you will sell their data to hackers in order to save your own business, they are unlikely to continue doing business with you for very long.
Original Source link