According to the Cisco 2017 Annual Cybersecurity Report (ACR), more than one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity, and revenue loss of more than 20 percent. Ninety percent of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).
The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study.
The 2017 ACR revealed the potential financial impact of attacks on businesses of all sizes. Operations and finance systems were the most affected, followed by brand reputation and customer retention. For organizations that experienced an attack, the effect was substantial:
- Twenty-two percent of breached organizations lost customers — 40 percent of them lost more than 20 percent of their customer base.
- Twenty-nine percent lost revenue, with 38 percent of that group losing more than 20 percent of revenue.
- Twenty-three percent of breached organizations lost business opportunities, with 42 percent of them losing more than 20 percent.