No credentials, no custom: Prioritising cybersecurity in the digital age
By Vicky Wills, CTO, Exclaimer
The digital age has cultivated an absolute necessity for robust cybersecurity, particularly in relation to the evolving threat landscape. The consequences of security breaches are often disastrous for businesses, and can put customer trust, sensitive data, and brand reputation at risk. As a result, IT leaders need to ensure they are aware of any emerging threats that may jeopardise their company’s assets, by continuously evaluating and updating their security.
IT leaders know that security plays an essential role in digital operations. This is backed by Exclaimer’s recent research, which reveals that over 50% of IT leaders are unwilling to collaborate with software vendors lacking strong security credentials.
In addition to establishing rigorous internal security processes, IT leaders must carefully choose which SaaS businesses they partner with. They should prioritise working with companies that practise strong cybersecurity and protect company data – in particular, software companies which have undergone security regulation and evidenced it.
No credentials, no custom
According to recent research from Exclaimer, almost half (48%) of IT leaders cite good cybersecurity as one of the top five factors driving them to one vendor over another. Software companies that maintain good cybersecurity practices will exhibit security credentials – such as SOC 2 Type II, ISO standards, and Cyber Essentials – which IT leaders need to bear in mind when making SaaS buying decisions.
However, the research indicates that there needs to be a shift in mindset, given that the remaining 52% of IT leaders do not consider good cybersecurity a top five factor when making a software-buying decision. Good cybersecurity cannot be considered optional when choosing a vendor, given the catastrophic impact data breaches have on businesses.
A single data breach can result in financial losses, reputational damage, and a loss of customer trust. The overwhelming majority (77%) of respondents we surveyed agree that a breach involving customer data would have a serious impact on their business. It is clear that IT leaders know the potential consequences of security vulnerabilities, although some might not be taking the right measures to prevent them.
The significance of email security
With email leading our day-to-day professional communications, it is unsurprising that a resounding 92% of IT decision makers surveyed consider email security a major concern. For many businesses, email is an essential form of communication, connecting them both internally and with external organisations. However, publicly available email aliases, or addresses easily found via search engines, open them up to the risk of spam, phishing, and other harmful email attacks.
In particular, 51% of IT decision makers surveyed indicated that they see phishing attacks as a primary threat to email security. Phishing emails pose a risk not only to brand and customer data, but also to brand image. Almost half (44%) of IT leaders think customers would blame their brand if they experienced a phishing scam whereby a hacker imitated their brand identity; a further 35% believe they would lose customers, and 29% believe their customers would no longer engage with their legitimate emails.
This demonstrates that there is a need for brands to continuously address and mitigate the risks associated with phishing attacks and make email security a top priority to avoid posing a risk to brand trust.
Minimising the risk of setbacks: The Three Essential Es
Among the IT decision makers we surveyed, one in five (20%) acknowledged incurring fines due to customer data breaches. Of those, almost half (45%), meaning one in ten IT decision makers, indicated that as a direct consequence of those fines they saw a reduction in employee headcount, R&D budgets, and business development efforts.
Cybercriminals will always be active, and security threats are unlikely to ever disappear. Knowing the consequences of data breaches, IT leaders can take steps to mitigate any potential risks. Within organisations, IT leaders can use the ‘Three Essential Es’ as a golden rule to lessen the chances of the business falling victim to cyber attacks:
- Education: Educate all employees about security best practice through ongoing training, such as mandatory compliance training videos, exercises such as showcasing examples of phishing emails, or even hosting a talk. This can reduce the risk of employees falling victim to threats or scams.
- Encryption: Encrypt sensitive information. Encryption ensures that sensitive information such as customer data, financial records, and intellectual property remains confidential and reduces the risk of cybercriminals accessing and misusing this information.
- Email security: Implement advanced email security solutions. This protects an organisation against threats such as phishing attacks, malware distribution, and ransomware, and can prevent potential breaches that may jeopardise sensitive and confidential data.
Given that data breaches can wreak havoc on an organisation, ensuring the highest level of cybersecurity is paramount. As a first step, IT leaders can ensure that they are partnering with software companies that diligently and robustly protect their data. Internally, leaders should implement rules for employees and take preventative measures against security breaches, while consistently anticipating the threat landscape. Email security must be a top priority.