Organizations impacted by ransomware and other types of cyberattacks typically focus on the short-term damage—fixing the vulnerability that led to the attack, recovering their data, getting their business back online. But there are also long-term effects from a cyberattack. Organizations that fall victim to attack can suffer damage to their reputation and trustworthiness among customers and users. A report released Wednesday by security provider Arcserve highlights the attitudes and feelings among consumers toward companies hurt by a successful cyberattack.

SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)

Based on a survey of almost 2,000 consumers across North America, the United Kingdom, France, and Germany, Arcserve’s report titled “Ransomware’s Stunning Impact on Consumer Loyalty and Purchasing Behavior” found that 59% of respondents would likely avoid during business with an organization that experienced a cyberattack in the past year. Further, their level of forgiveness wouldn’t necessarily increase much over time—45% said they wouldn’t do business with a company that was attacked sometime in the past three years.

With cyberattacks occurring so frequently, many people are naturally worried about their own personal data being leaked or compromised. Almost 40% of those surveyed said that security concerns about their personally identifiable information (PII) was the sole reason they opted not to open an account or do business with a particular company.

Ransomware attacks put customer data in jeopardy as it falls into the hands of the attackers and can be exposed publicly if the ransom isn’t paid. Based on the survey results, people have little patience for organizations impacted by ransomware. Some 58% of respondents said they would leave a business that was disrupted by two or fewer ransomware attacks; 28% would do the same after just one attack. A full 46% would quit their bank or securities company after a single ransomware attack, while 45% would do the same with a retail organization.

Recovering quickly from a ransomware attack is also vital to retaining customers. Some 37% of those surveyed said they’d switch to a competitor if a company’s systems and applications were not back online within 24 hours following an attack. Some 41% would walk away from the business within two to three days.

SEE: Cybersecurity: Let’s get tactical (free PDF) (TechRepublic)

Customers and users who’ve been caught up in cyberattacks against businesses aren’t shy about sharing their frustration, another factor that can damage a company’s reputation. Among the respondents, 45% said they’ve shared their negative experiences about an attack with family, friends, or colleagues. A quarter have posted details on a community forum, blog, or website. And 23% have shared negative comments through online reviews or social media.

Ramping up the necessary technology and personnel to better protect your organization can be expensive. But consumers are willing to share some of that cost. Some 43% of those surveyed said they’d be willing to spend more money on products and services from a company they consider to be more reliable and secure. Even higher percentages said they’d pay more for better security from their banks, public cloud providers, media services, and healthcare providers.

“Consumers are clearly already hesitant about working with companies hit by cyberattacks, and they just won’t tolerate disruption as businesses figure out recovery and remediation plans after the fact,” Arcserve CTO Oussama El-Hilali, said in a press release. “The findings represent a stark warning for all organizations given that one in four of their customers will be gone immediately upon disruption, with many more losing patience within 48 hours. Businesses must do more to ensure they’re protecting their data from cybercriminals and mitigating the chance they’ll experience extended downtime.”

To help organizations beef up their defenses against cyberattack, Arcserve offers the following recommendations:

  1. Achieve IT resilience faster by eliminating the juggling act of multiple vendors, service-level agreements (SLAs), and support teams.
  2. Get total SaaS-based, on-premises, and cloud data protection from one vendor with unified backup, cybersecurity, disaster recovery, and cloud services.
  3. Keep operations running, and meet SLAs with instant VM and bare-metal restore (BMR), local and remote virtual standby, application-consistent backup and granular restore, hardware snapshot support, and extensions delivering high availability and tape support.
  4. Ensure you don’t miss a beat during on-premises outages with remote virtual standby for emergency failover and failback to the cloud, manually triggered failover to remote resources, and instant VM recovery.
  5. Eliminate headaches from intentional or unintentional deletion, programmatic issues, external security threats—issues not covered by Microsoft—with total data protection for Exchange Online, OneDrive for Business, and SharePoint Online.
  6. Detect known and unknown malware without relying on signatures by using cutting-edge deep learning technologies.
  7. Prevent major hacking techniques, including credential harvesting, lateral movement, and privilege escalation with exploit prevention.
  8. Ensure compliance mandates are met with AES encryption and role-based access control.
  9. Keep up with data growth by reducing storage requirements with built-in global deduplication.


Image: Nattapon Kongbunmee, Getty Images/iStockphoto