The overwhelming majority of companies facing IT security incidents were unable to keep information about those incidents confidential due to pressure from third parties. This ultimately led to major blows to business reputations, according to B2B International, which worked with Kaspersky Lab this year to conduct the Global Corporate IT Security Risks 2013 survey among business representatives around the world.
Public disclosure of information about IT security incidents is often inevitable, something that most organisations cannot avoid. The study revealed that an average of 44% of companies that suffer a data leakage are forced to disclose the incident to clients who might potentially be affected by the incident, while 34% informed their business partners, 33% informed their suppliers, 27% reported to regulators, and 15% were obliged to disclose details to the media.
Large companies are more frequently faced with having to disclose details about IT security incidents to third parties. These organisations must primarily report to regulators, clients, and the media. The need to disclose this type of information naturally risks causing substantial damage to corporate reputations. Not infrequently, disclosure is also associated with financial losses in the form of fines imposed by regulators, and compensation for related losses incurred by clients and partners.
Since regulators, contractual obligations to clients and partners, and other factors often do not permit a company to keep information about data leakages confidential, the only real way to avoid damages from the disclosure of this type of information is to prevent an IT security incident from happening in the first place — by building a secure, protected IT infrastructure.
Preventing data leakages:
A solid strategy for maintaining the security of an IT infrastructure means, first and foremost, using an advanced security platform like Kaspersky Endpoint Security for Business. This platform provides anti-malware protection against complex targeted attacks and real-time threats across the entire company IT infrastructure – physical, mobile and virtual – together with security systems management, control and encryption tools. This level of security, in combination with employee education about IT threats can form the foundation of an action plan guaranteeing the highest level of protection for any company’s IT infrastructure against cyber-attacks and their consequences, including financial loss and reputation damage.