A survey of 2,000 consumers in North America, UK, France and Germany reported that 37 percent will switch to a competitor company if systems are not back online within 24 hours of a ransomware attack operational disruption, and 66 percent will turn to a competitor if systems are not restored within 3 days. 59 percent would ‘likely avoid doing business with an organization that had experienced a cyberattack in the past year’, and more than 80 percent reported sharing their negative ransomware-related experience with family, friends and colleagues.
The survey also revealed that banking and communications providers are at particular risk of losing consumers due to a breach, with nearly half reporting they would immediately move to a competitor if their bank or securities provider experienced a breach that impacted operations. Forty three percent would do the same for their telecoms provider.
However, there is a positive message for companies. More than half of survey respondents said they would pay more for products from banking and securities providers that were believed to be more secure, and 40 percent said the same about healthcare, insurance and retail category companies.
These survey results are in line with Cyberhedge findings that ransomware is the most damaging and costly type of breach event for companies and their shareholders. While data breaches involving loss of personal information impose costs to companies such as systems repair costs, fines and paid monitoring service for affected users, operational disruptions are normally much more damaging to companies’ bottom lines.
This is clearly illustrated by the finding that more than one third of customers would leave for a competitor due to systems being down for 24 hours. This should be a wake-up call to companies about the critical importance of making the necessary investments into their overall cyber governance that lowers the probability of such an event occuring. Companies spend huge amounts of money on customer acquisition costs so protecting against the loss of a significant number of customers and their recurring revenues should be a clear strategic priority.
C-suites should pay close attention to the finding that around half of customers would pay more for products that are believed to be more secure. This validates a core Cyberhedge view that IT security should be thought of not as a cost item to be squeezed as much as possible, but as a differentiating factor that companies can use to increase revenues, margins and outperform.