Though the financial costs of a cyber attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and your company. Business and IT leaders reviewing their security investments should be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand.
Cyber security risks have taken a toll on consumer trust. For example, 2 out of 3 Americans said they were worried about their information being breached during the 2020 holiday season.
Even if last year did see U.S. consumers increasing online spending by 44% compared to the previous year, many are ready to punish brands severely if a breach does occur. In fact, a quarter of consumers said they would completely stop engaging with a brand that experienced a breach.
Data breaches or unclear cyber security protocols also have hard-to-measure psychological effects. The 2017 WannaCry ransomware attack led to critical infrastructure impacts. When the U.K.'s National Health Service was breached, for example, surgeries had to be rescheduled. Cyber attacks can be traditionally viewed as affecting only financial institutions and not everyday individuals, but the WannaCry example made the problem real for many people. It showed how it could expose vulnerabilities in basic infrastructure and, therefore, increased anxiety for many.
When considering how cyber security affects society, it's important to look at the daily professional lives of employees as well. The laundry list of protocols employees need to routinely follow, from multi-factor authentication to the careful monitoring of emails, can also increase stress and fear about the consequences of one mistaken step.
The social impacts of a cyber breach can also be gauged by the service disruptions they cause. Depending on the nature of the breach itself, these interruptions might be wide-ranging or localized but are nonetheless very real and frustrating for the people they directly impact.
In 2019, 22 towns in Texas sharing a software vendor were the target of a cyber attack. The attackers asked for a ransom of $2.5 million for the restoration of administrative services, and residents of these towns could not access records or pay utility bills while under siege.
Third-party software was again a target for a much more extensive breach of top U.S. government agencies, including the Departments of Energy, Homeland Security, Defense and Commerce. The Sunburst hack, as it came to be called, highlights another challenge with cyber attacks: Their effects can be insidious and unfold slowly over time.