Security breaches drive customers away

Companies whose IT networks suffer a security breach risk losing a large slice of revenue as their customers lose trust and move elsewhere, according to figures published on Wednesday.

The survey, which was carried out by telecoms firm Energis, found that the rate of customer attrition in the business-to-business sector rose by 47 percent after a firm fell victim to hacking, a virus, a denial of service attack or a phishing fraud.

Energis spoke to more than 100 large companies or government agencies and found that nearly all of them had suffered a security breach in the last year. These organisations reported that many of their existing customers had taken their business elsewhere because of these breaches, and that the customers that remained were spending on average 4 percent less with them.

Energis also found that in the cutthroat world of British business, rival firms are often citing these security breaches as a reason for changing suppliers.

"Companies can't replace this kind of revenue easily," said Malcolm Seagrave, security expert at Energis. "The cost of losing customers far outweights the cost of putting their systems right."

Hacking attacks and viruses can force a company's systems out of action for hours or even days, seriously eroding confidence and making it impossible for customers to access the company's Web-based services.

Phishing attacks, in which organised criminals create a fake version of a financial institution's Web site with the aim of extracting banking details from deceived customers, can do even more damage.

A second survey published on Wednesday found that three-quarters of bank account holders are less likely to respond to email from their banks because of concern about phishing. This research, commissioned by security firm Cyota, also found that 74 percent of account holders are were less likely to shop online due to the phishing threat.

According to Energis's research, the average cost of an IT security breach is £122,000, on top of which companies often see the premium on their insurance policies rise.

Energis's advice to companies is that if they can't handle their IT security themselves, they should outsource it to a company that can.

"The way many UK businesses handle IT security is the equivalent of leaving a brand new Ferrari unlocked with the keys in the ignition," said Seagrove.

"Companies must invest time and money in the right security infrastructure and in having a failsafe business continuity plan ready should the worst happen."