As an MSP, you know cybersecurity is a big deal. For businesses of all sizes, a breach could mean extensive damage and cost, potentially causing businesses to close their doors permanently. Your customers—even the ones that didn’t heed your warnings—will look to you as their IT provider for answers and wonder if you could have done more to prevent the attack or mitigate the damage. It’s no secret that this lost trust will harm your customer relations and your brand, ultimately putting your MSP in jeopardy.
How can you tackle the cybersecurity conversation with your clients and convince them they need to be prepared?
The scary reality is, if your customers aren’t prepared for a cyberattack, they could lose everything—and ultimately, so could you. Here, we’ve compiled stats to help you illustrate the reality of the cybersecurity threat to your customers and spark action.
10. Cybersecurity should be top-of-mind for businesses. Everybody is a potential target.
The global cybersecurity market size was valued at USD 172.24 billion in 2023. The market is projected to grow from USD 193.73 billion in 2024 to USD 562.72 billion by 2032 according to Fortune Business Insights. And while that number is so large it’s hard to wrap your head around it, here’s another stat that might hit closer to home. According to the Verizon 2024 Data Breach Investigations Report, 76% of breaches are caused by human error, meaning they were likely preventable. Yes, you read that right. Would that catch your customer’s attention?
9. When a security breach occurs, companies have to hit pause, losing precious time and revenue. This hits small businesses especially hard.
The average cost of a data breach jumped to USD 4.88 million from USD 4.45 million in 2023. A rise in the cost of lost business, including operational downtime and lost customers, and the cost of post-breach responses, such as staffing customer service help desks and paying higher regulatory fines, drove this increase. Breaches involving stolen or compromised credentials took the longest to identify and contain (292 days) of any attack vector. Phishing attacks lasted an average of 261 days and social engineering attacks took an average of 257 days.
8. Depending on the type of information that was compromised, businesses may be on the hook for legal fees.
If a settlement is in the works, a small business could be in limbo for quite some time. It’s common for 3 to 5 years to pass between a breach and a settlement. During that time, the company is paying legal fees, expenses and filing costs—not to mention the cost of the actual settlement.
7. If a company has broken a cybersecurity law, they could also be subject to penalties and fines.
Violating cybersecurity laws is an expensive and disruptive process. To date, Meta tops the list of big-ticket sanctions, hit with a $1.3 billion fine for unlawfully transferring personal data from the European Union to the United States. Do your customers know if they are in compliance with current regulations?
- Health Insurance Portability and Accountability Act (HIPAA) fines are calculated based on the number of medical records exposed, with fines ranging from $50 to $50,000 per record.
- Gramm-Leach-Bliley Act (GLBA) requires companies offering consumers financial products to explain their information-sharing practices and safeguard sensitive data. Fines can be as high as $100,000 for each violation, and the officers and directors of the organization may be fined up to $10,000 personally.
- General Data Protection Regulation (GDPR) mandates the use of encryption and is especially punitive, with fines potentially totaling tens of millions of dollars.
- Being in breach of Payment Card Industry Data Security Standards (PCI DSS) exposes organizations to minimum fines of $5,000 per month and maximum fines of $100,000 per month.
6. If a company is found liable for the leaked information, victims could request compensation.
Perhaps the most sizable example is the Equifax breach that occurred in 2017. Two years later, Equifax agreed to pay nearly $700 million to settle federal and state investigations into how it handled a massive data breach that affected nearly 150 million people. The settlement included $425 million to directly help consumers affected by the breach. The restitution fund started with $300 million dedicated to consumer compensation, with an additional $125 million if the initial funds ran out.
5. When a company is dealing with a data breach, normal everyday business can fall through the cracks. Lost sales result in lost profits and a very lean bottom line.
According to a survey of 1,000 U.S. consumers from API and application protection platform ThreatX, 60% of respondents are less likely to work with a retailer or brand that has suffered a data breach. In addition, only 10% of respondents reported feeling protected by retailers and brands, and almost half (48%) said their personal data has been left vulnerable following a data breach due to an organization’s lack of protection. Nine in 10 of those respondents agreed they are concerned this lack of protection will negatively impact their lives.
4. Identifying the breach is one thing, but remediating the situation is an entirely different animal—and the less prepared your customer, the more expensive it will be.
Remind your customers that the best defense is often a good offense. The cost of remediation can skyrocket as companies:
- Document the attack
- Quarantine compromised hardware and software
- Contain and eliminate the threat
- Analyze activity logs
- Fix the vulnerability that caused the breach
- Repair or replace infected systems
- Implement security improvements
3. And when operations are subpar, your client starts to lose customers.
- Organizations with between 1,001 and 5,000 employees tend to have the most extensive collection of PII. But these companies face dual challenges: A larger data corpus from a more diverse range of data sources and less robust processes or staffing to manage it. Do any of your customers fall into this category?
2. A breach can damage your customer’s reputation—and it can take years to recover.
The biggest cost of a cyberattack is reputation. When a major data breach occurs, customers and clients may feel less secure with your company, causing them to pick up and leave. And when a company’s internal systems are down for an extended period, the stock price can drop, which is exactly what happened in the recent CrowdStrike outage. Deloitte determined that up to 90% of the total costs in a cyberattack occur beneath the surface. Hidden costs, like damaged credibility, can affect a business for years after a breach. What’s more, loss of trust in the business, diminished brand reputation and increased costs concerning debt financing are not covered by insurance.
1. In a worst-case scenario, your customer can lose their entire business.
If everything listed above happens, it can be hard to keep a business afloat. This is especially true for small businesses, and it is why 60% of small businesses that are victims of a cyberattack go out of business within six months.
These statistics tell a story—and it’s a pretty scary one. One (or more) of these situations can easily happen to your customers if they aren’t prepared. But they can also happen to your MSP if you’re not practicing what you preach—creating a scenario that not only puts your business in jeopardy, but likely exposes sensitive customer data to cybercriminals, which can exponentially compound the negative impacts of a breach. Look no further than the Kaseya ransomware attack that impacted the MSP community in 2021.
At the end of the day, being the example of a security-focused MSP not only protects your business, but it also adds an additional layer of protection to your customers and encourages them to take the cybersecurity steps you recommend.
Engage in an ISAO for Support
A recent survey of MSPs found that 77% struggle with juggling multiple cybersecurity solutions. Fortunately, you have access to real-time support. To help MSPs accelerate their cyber resilience, the GTIA Information Sharing and Analysis Organization (ISAO) tailors proactive cyber threat intelligence and actionable analysis to meet the needs of MSPs, solution providers, technology vendors and their customers. You also gain access to a trusted community of peers where you can share cybersecurity information and best practices.
You can’t be proactive if you don’t know the potential for a problem exists. You can’t take preventative measures if you don’t know what’s happening in the threat landscape. Engaging with the ISAO keeps you informed and prepared, making it a cornerstone of a technology company’s strong cybersecurity practice.
Check out GTIA Cybersecurity Programs for more information.