As we discuss in our Security Awareness Training sessions, one of the biggest risks of a ransomware or data loss incident to your organization is reputational risk. For example, in a recent survey by ReputationUs (RepUs), a firm specializing in reputation management and cybersecurity preparations, 46% of respondents would blame the organization if they are hacked, and 48% stated they are very unlikely to remain a customer of the organization if their lost data were used to illegally set up a credit card in their name.
If a Massachusetts organization suffers a data breach, there are specific requirements for reporting the incident. As a result, the state publishes Data Breach Notification Reports where all the world can see who has reported such events. Certain industries also have their own reporting requirements, and similarly, the Office for Civil Rights publishes what is affectionately known as the “HIPAA Wall of Shame,” which lists the health care Covered Entities that have reported data breach information.
One way to avoid reputational risk is to have a plan, stick to the plan, and Keep Calm and Compute On.