Another less direct effect of cybercrime’s attack on revenues is the impact on your brand. When a data breach or DoS occurs, a firm’s brand takes a hit. There isn’t any reader out there who, upon hearing the name of a particular retailer or financial firm, won’t immediately recall that firm as having been the victim of a large cyber attack and data breach. Such memories die hard. The more extensive the attack, the larger the branding hit. And, of course, companies that have been hit more than once suffer even more. It is also important to note that smaller firms may be less able to recover from brand damage than larger companies, which have deeper pockets for public relations campaigns to help restore their image.
Also, don’t think that you are off the hook for brand damage if the cyber attack occurs in operations that are not customer-facing. As a business, you are likely subject to some data protection or data security laws, including breach notification laws, which require a business to alert victims and/or government agencies of a data breach. While the US does not have any overarching data laws in the fashion of the European Union’s General Data Protection Regulation, particular sectors such as healthcare and education are covered by US law. If your firm collects and stores personal data, you may have a regulatory responsibility to report the breach to a government entity, the individual victim, and the media. That means spending money on efforts to ensure compliance with any applicable laws. Meeting IT regulations can be expensive and time-consuming, and failure to meet regulations and notification requirements can lead to fines and penalties.