As a managed service provider (MSP), you know cybersecurity is a big deal. For SMBs, a breach could mean extensive damage and cost, potentially causing businesses to close their doors permanently. Your customers—even the ones that didn’t heed your warnings—will look to you as their IT provider for answers and wonder if you could have done more to prevent the attack or mitigate the damage. It’s no secret that this lost trust will harm your customer relations and your brand, ultimately putting your MSP in jeopardy.
How can you tackle the cybersecurity conversation with your clients and convince them they need to be prepared?
The scary reality is, if your customers aren’t prepared for a cyberattack, they could lose everything—and ultimately, so could you. Here, we’ve compiled stats to help you illustrate the reality of the cybersecurity threat to your customers and spark action.
The global information security market is forecasted to reach $170.4 billion in 2022, according to Gartner. And while that number is so large it’s hard to wrap your head around it, here’s another stat that might hit closer to home. According to Cybint, 95% of cybersecurity breaches are caused by human error, meaning they were likely preventable. Yes, you read that right. Would that catch your customer’s attention?
Lost business costs accounts for nearly 40% of the average total cost of a data breach, increasing from $1.42 million in 2019 to $1.52 million in 2020. On average, companies in 2020 required 207 days to identify and 73 days to contain a breach, for a
“lifecycle” of 280 days.
(Source: IBM & Ponemon Cost of a Data Breach Report 2020)
If a settlement is in the works, a small business could be in limbo for quite some time. It’s common for 3 to 5 years to pass between a breach and a settlement. During that time, the company is paying legal fees, expenses and filing costs—not
to mention the cost of the actual settlement.
(Source: Revision Legal)
Violating cybersecurity laws is an expensive and disruptive process. Do your customers know if they are in compliance with current regulations?
(Source: CyberInsureOne)
Perhaps the most sizable example is the Equifax breach that occurred in 2017. Two years later, Equifax agreed to pay nearly $700 million to settle federal and state investigations into how it handled a massive data breach that affected nearly 150 million people.
The settlement included $425 million to directly help consumers affected by the breach. The restitution fund started with $300 million dedicated to consumer compensation, with an additional $125 million if the initial funds ran out.
(Source:
CNBC.com)
Significant revenue loss as a result of a cybersecurity breach is common. Studies show that 29% of businesses that face a data breach end up losing revenue. Of that lost revenue, 38% experienced a loss of 20% or more.
(Source: The Ame Group)
Remind your customers that the best defense is often a good offense. The cost of remediation can skyrocket as a companies:
And ransomware significantly adds to this cost, tacking on an average of nearly $150,000!
(Source: Field Effect)
Eighty percent of breached organizations state that customer personally identifiable information (PII) was compromised during the breach. While the average cost per lost or solen record was $146 across all data breaches, those containing customer PII
cost businesses $150 per record—as well as the threat of customers losing faith in the company and turning elsewhere.
(Source: IBM & Ponemon Cost of a Data Breach Report 2020)
The biggest cost of a cyberattack is reputation. Deloitte determined that up to 90% of the total costs in a cyberattack occur beneath the surface. Hidden costs, like damaged credibility, can affect a business for years after a breach. What’s more,
loss of trust in the business, diminished brand reputation and increased costs concerning debt financing are not covered by insurance.
(Source: Deloitte)
If everything listed above happens, it can be hard to keep a business afloat. This is especially true for small businesses and why 60% small businesses that are victims of a cyberattack go out of business within six months.
(Source: Fundera)
These statistics tell a story—and it’s a pretty scary one. One (or more) of these situations can easily happen to your customers if they aren’t prepared. But they can also happen to your technology company if you’re not practicing what you preach—creating a scenario that not only puts your business in jeopardy, but likely exposes sensitive customer data to cyber criminals, which can exponentially compound the negative impacts of a breach. Look no further than the Kaseya ransomware attack that impacted the MSP community in July 2021.
At the end of the day, being the example of a security-focused MSP not only protects your business, but it also adds an additional layer of protection to your customers and encourages them to take the cybersecurity steps you recommend.
To help tech companies accelerate their cyber resilience, the CompTIA Information Sharing and Analysis Organization (ISAO) tailors proactive cyber threat intelligence and actionable analysis to meet the needs of MSPs, solution providers, technology vendors, and their customers. CompTIA ISAO members also gain access to a trusted community of peers where you can share cybersecurity information and best practices.
Learn more about how ISAOs help businesses improve their cyber resilience.
You can’t be proactive if you don’t know the potential for a problem exists. You can’t take preventative measures if you don’t know what’s happening in the threat landscape. CompTIA ISAO membership keeps you informed and prepared, making it a cornerstone of a technology company’s strong cybersecurity practice.
Learn more about the benefits of CompTIA ISAO membership.