Nearly two-thirds (65%) of IT security decision-makers have admitted their business is complacent about the protection of its customers’ data, despite most acknowledging that a data breach would have a serious impact on both revenue and customer trust.
According to a study by Kaspersky, many organisations are failing to take the necessary steps to prevent data breaches, while security chiefs are failing to implement effective measures to protect customer data from cyberattacks.
For instance, nearly three-fifths (57%) say they do not currently have a cybersecurity policy in place; a figure which rises to more than two-thirds (71%) of medium-sized businesses (250 to 549 employees). Just four-in-ten (41%) businesses surveyed believe their organisation is protected with robust endpoint security.
The majority (69%) of those surveyed are also concerned they would lose customers following a data breach, while nearly three-quarters (74%) believe that being perceived as cyber-complacent would be damaging to business.
However, Kaspersky claims these concerns are not being met with appropriate action, with only 38% of respondents carrying out regular risk assessments. Kaspersky recommends that companies conduct a cyber-risk assessment at least every six months to ensure policies and safeguards are up to date and fit for purpose.
The report insists it is unsurprising that almost half (47%) of all businesses have experienced at least one cyberattack in the past 24 months.
Kaspersky principal security researcher David Emm said: “Being complacent with cybersecurity, and customer data, can be incredibly costly. Along with losing sensitive information, a data breach affects business revenues, customer confidence and reputations.
“There have been many examples in recent years of household brands suffering data breaches, showing that even the most renowned businesses are at risk. For many organisations, the ramifications of a breach could be irreversible. This is why we urge business and organisations of all sizes to adopt robust cybersecurity policies, taking expertise where needed to ensure they have the best preventative measures in place.”