Can Data Breaches Be GOOD For Some Corporate Brands?

0

By Christos Makridis

Surprisingly, data breaches can be good for some corporate brands, a new study shows. 

When hackers pirate their way past corporate firewalls and publicize the private lives of consumers, the betrayal of consumer trust and the aura of corporate incompetence should sink a company’s reputation. But the real world is more complicated. 

Certainly large data breached – such as the Crypto.com breach earlier this month or the June 2021 breach of LinkedIn that impacted 100 million users — can hurt a company’s brand power, at least for a time. But, strangely, smaller data breaches can actually boost a brand, according to a recent study in  the Journal of Cybersecurity. 

The effect of data breaches on a company’s reputation depends on the size and significance of the breach, the study found. While the largest and most significant data breaches lead to a 5–9% decline in a company’s brand power, the average-sized data breach results in a 26-29% increase. The study examined data on 45 companies from Tenet Partners, a market research company that has been measuring brands across firms for more than a decade, through its CoreBrand Index.

Companies are most vulnerable when a data breach is particularly large or occurs when investors or others are already questioning the company’s reputation. In those unhappy circumstances, the company’s reputation surely suffers. Yahoo! learned this the hard way when a 2014 data breach was publicly revealed in 2016, resulting in rounds of criticism and piles of lawsuits.

However, if a data breach is relatively minor and only receives limited negative media attention, it might end up having a positive effect as more people learn about the company and its products and dismiss the breach as bad luck. Honda partnered with an email marketing firm that experienced a breach in 2010, but according to the study, the automaker’s reputation grew as it received media attention.

Why does bad news help some companies? Consider the case of the Colonial Pipeline. When the natural gas pipeline company suffered a ransomware attack in May, consumers largely saw the pipeline company as an innocent victim and investors took a fresh look at the company, building its name ID in both cases. 

Meanwhile, public perceptions of the quality of Colonial’s brand actually improved.

This unexpected effect on brand reputation may lead insurance companies to reconsider how they price and assess risk for cybersecurity policies. Small breaches, even if they generate a few negative headlines, may not actually be catastrophic events that require insurance payouts, if the Journal of Cybersecurity study is correct. The journal article notes: “These results are important for the emerging insurance industry that seeks to price cybersecurity risk. In particular, insurance companies must account for the effects of data breaches on firm reputation and familiarity, as well as the role that the media plays in amplifying these perceptions.” 

On the other hand, insurers are well aware that the risk of attacks from malicious actors seems to be rising. 

“We’ve seen a huge uptick in ransomware attacks since the start of the pandemic as the success of attacks and high payouts in the hundreds-of-thousands or even millions-of-dollars ranges have attracted new entrants into the ransomware market,” said Caitlin Doherty, head of Global Communications at Rapid7, a Boston-based cybersecurity firm. “Criminal actors in this market face little in the way of risk or barriers to entry as they rarely face prosecution due to safe-haven nations, can purchase technical tools and capabilities to mount attacks, and the burgeoning attack surface and complexity of technical environments means opportunities for them abound.”

This has led to an increasing recognition that private sector entities will need to “strengthen their security posture,” according to a 2020 report by the Cyberspace Solarium Commission.

The lack of digital and cybersecurity literacy among executives and consumers is one reason that even basic cybersecurity practices are not adhered to, the report says, suggesting more emphasis on K-12 cyber education, so children are exposed to it early.

“We all know and accept that math, science and English are key components to a successful K–12 education, but what about technology? Most children have had their hands on a keyboard or mobile device by the age of 3, yet our educational system does little to teach them how to use these devices or, more importantly, how to use them safely,” said Matt Dunlop, the chief information security officer at Under Armour and former director of applied research and development for the U.S. Cyber Command.

Some 90% of breaches originate due to manipulation of individual employees, such as phishing, according to cybersecurity firm Kaspersky. Dunlop says “improving society’s awareness of the threat would not only make for a better-informed consumer but also reduce the risk by making employees more security conscious. 

Just because some companies seem to benefit from cyber attacks, experts say, doesn’t mean that companies should stop trying to prevent them. The benefits are small and transitory while the risks are large and frequently win the attention of regulators.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Leave a comment