A recent poll of 700 C-level, CISO’s and office workers in the U.S. and U.K. found that 54% of the office workers said that if a business experienced a recent cyber breach, it would influence their decision to work there, with just one third saying it would not affect that decision.
In the study, prepared for security provider Encore, researchers also found that while most C-level executives (57%) knew they had been breached in the last 12 months, just 39% of the office workers believed their company had been breached in the same period. This lack of transparency could impact attrition rates, if secrecy is the norm and the breach were revealed.
Using the iceberg analogy, the report breaks down the cost of cybersecurity into four categories:
- The tip of the iceberg: direct financial costs, including recovering lost assets and ransom payments
- At the water’s edge: reputational damages, including loss of client trust, loyalty and new business
- In the shallows: attrition costs, including the impact on staff retention and ongoing recruitment
- Deep waters: extreme impacts that are becoming more common, including national security issues, cyber warfare and even loss of human life
The consequences of breaches and security incidents do indeed run deep and the impact on employee morale is important given the competitive job market. Companies should strive for transparency, and always remember that employees are a key audience for any communication plan. This need for transparency also extends to corporate security programs and investments – employees should be kept up to date proactively on security initiatives to ensure their participation and support.