Despite growing risks, many companies are still poorly protected against the type of reputational crisis that a cyber incident can deliver, according to research by Allianz.
The insurer’s 9th annual survey of top business risks included 2,700+ experts from over 100 countries, most of whom agreed that cyber-incidents have become tremendously damaging and expensive for companies – and often result in lawsuits and litigation.
In fact, cyber incidents are now the top peril for companies globally, according to the Allianz Risk Barometer for 2020. Besides financial damage, one of the biggest risks associated with cyber incidents is loss of reputation or brand value.
“Corporate scandals involving reputation can originate from an increasing number of scenarios – from cyber breaches to social media to corporate misconduct to even supplier misconduct,” reads the report.
Calculating the value of a company’s reputation can be difficult, but when a company suffers a blow to its reputation, its market value can collapse with astonishing speed, Allianz says.
On average, more than a quarter of reputational crises spread within an hour, and over two-thirds within 24 hours. And the introduction of social media means that events affecting a company’s reputation have twice as much impact on stock prices, analysts argue.
In addition to being the top risk globally, cyber is among the top three risks in many of the countries surveyed, including Austria, Belgium, France, India, South Africa, South Korea, Spain, Sweden, Switzerland, the U.K. and the U.S..
Businesses in 2020 face larger and more expensive data breaches coupled with an increase in ransomware demands and business email compromise incidents. Privacy-driven fines or suits are now a given after any cyber incident. Finally, mega breaches, involving more than 1 million compromised records, now cost on average $42 million, up 8% year-on-year.
In a recent example, credit reporting agency Equifax has been ordered to spend $1 billion on data security investments in an ongoing financial and reputational mess caused by a devastating cyber incident in 2017. The order adds to the already painful tally of over $1 billion in costs associated with class action lawsuits, legal penalties, and legal fees.