Cyber Risks & Liabilities

As the frequency of cyberattacks rises, users may experience data breach fatigue, a term used to describe the apathy that occurs as breaches become more prevalent. In 2020 alone, 155.8 million people were affected by data breaches, potentially leading to customers being desensitized to news of a breach and uninspired to protect themselves. In reality, according to recent RAND Corporation research, only half of survey respondents changed their passwords or personal identification numbers after a data breach, and one in five did not take any action at all.

While customers may have grown tired of data breaches, businesses cannot afford to become complacent in their cybersecurity efforts and must maintain vigilance. Nonetheless, according to Kaspersky Lab study, 84 percent of North American chief information security officers believe that cybersecurity incidents are unavoidable.

Normalizing or justifying data breaches can have serious consequences for an organization's customers, bottom line, and reputation. This article discusses the repercussions of data breach fatigue on organizations and the steps organizations can take to ensure they don't become complacent about cybersecurity needs.

Risks of Data Breach Fatigue

Organizations that have become desensitized to the seemingly never-ending stream of cyberattacks are at risk of suffering major losses. Data breach fatigue and surrendering to the "inevitable" can result in severe damage, including:

• Loss of trust—Consumers may not trust organizations that are affected by data breaches. A study by the Poneman Institute found that nearly one-third of respondents stopped doing business with companies following a data breach.
• Loss of money—Data breaches can be costly. According to IBM, the average cost of a stolen record is $148. When millions of records have been compromised, it can become quite expensive for companies to recover.

Data breaches also tend to affect small businesses more severely than large corporations. According to the National Cyber Security Alliance, 60% of small businesses fail within six months following a data breach, typically due to significant financial and reputation damages.

Preventive Measures

The constant threat of cyberattacks can be overwhelming for organizations and their employees, resulting in complacency and fatigue. Organizations must stress the importance of cybersecurity to their employees to limit the possibility and impact of a breach. Organizational leaders can take the following actions to help prevent data breach fatigue from spreading to employees:

• Maintain transparency and awareness—To get employees involved in cybersecurity, organizations must be transparent and build awareness about the subject. Ongoing educational programs can help employees identify threats and promote a more secure, risk-conscious work environment.
• Distinguish threat level and type—Burnout may occur if every issue is treated with the same level of urgency. Establish a hierarchy of threat levels so that employees understand the different repercussions that arise from each type of breach.
• Ensure consistency—Security practices should remain consistent throughout every level of an organization. Top executives and entry-level staff alike should have the same understanding of cybersecurity procedures.

In addition to educating the workforce on cybersecurity, organizations should work to prevent data breaches from occurring in the first place. To prevent data breaches, organizations should:

• Review cybersecurity policies—Ensure that the security measures in place are adequate to prevent breaches. Address policies every time a new vulnerability is identified.
• Maintain software updates —Install the latest software updates on all company laptops, smartphones, and networks to help ensure that malware and virus protection is current.
• Back up data—Data should be encrypted and backed up to secure cloud storage.

If a data breach occurs, organizations should initiate their incident response plan to reassure customers and limit the damage.

Remember, organizations, employees and consumers must remain vigilant to fight off data breach fatigue in today's connected world. By maintaining a positive security culture and staying alert, organizations can minimize the occurrence and damage of data breaches.

For additional risk management guidance and insurance solutions, contact INSURICA today.

This Cyber Risks & Liabilities document is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. © 2021 Zywave, Inc. All rights reserved.