Phishing: Reputational damages
Introduction
When phishing and damages are mentioned in the same sentence, most people think of the loss of data due to theft, identity theft and ultimately financial theft. While phishing can cause these types of damages, there is one major category of damages that may go overlooked: reputational damages. This type of damage is not always as apparent as a loss of data or financial resources, but it can be severely destructive just the same.
This article will detail the reputational damages that result from phishing. We will explore what reputational damage is, the different types of reputational damages that stem from phishing and the different ways in which an organization can face reputational damages.
What is phishing?
Phishing is a term that has been all over the place in recent years, due to its meteoric rise alongside the rise of widespread internet use in society. Phishing refers to the fraudulent attempt to steal sensitive information from victims, usually beginning with an email. This sensitive information includes login credentials (such as usernames and passwords), financial information and other personal information. The information can then be used by the phishers to steal money and wreak all manner of havoc against the victim.
Phishing is still a top priority for many organizations' IT departments and security teams, even though phishing has been around for decades. Below are some useful statistics for grasping the impact of phishing today:
- Phishing is the cause of 90% of data breaches
- The average cost of these data breaches is US $3.92 million
- 76% of businesses report being on the receiving end of a phishing attack
- Of those targeted by phishing, 30% open the phishing message
- From 2018 to 2019, there was a 65% jump in phishing attempts
- This trend has continued, with COVID-19 and other assorted pandemic phishing attempts flooding the internet
What types of damages can phishing cause?
For what may seem like an insignificant risk to those without cybersecurity training, phishing can be fairly destructive, with more types of damage than you might expect. The damages associated with phishing are:
- Data loss
- Financial loss due to financial data theft
- Reputational damage
- Identity theft
Despite being one of the most common types of damages associated with phishing, reputational damage is normally overlooked when discussing phishing damages. Without further ado, let’s delve into what reputational damages are.
What are reputational damages?
This question has a short answer and a long answer. The short answer is that reputational damages are the damages that phishing causes to the reputation of the victim. You could probably have guessed this from the name, but the long answer may shock you.
The long answer to this question is that reputational damages can come in many different forms. Below is a rundown of some of the most common types of reputational damages.
Types of reputational damages
What makes reputational damages possibly the nastiest of the phishing damages is how extensive and entangled the reputational damage can be. Instead of being one instance of reputational damages, phishing attacks can result in multiple different types of this damage.
Damage to reputation or brand
For lack of a better term, damage to reputation is the most obvious form of reputational damages. This is the classic reputational damage that most people probably think of: the damage inflicted upon the victim’s reputation by the phishing attack (normally compounded by a resulting data breach). It is best illustrated by the relatively current example of Equifax. This credit reporting bureau has been synonymous with the term “data breach” since its infamous incident, demonstrating the devastating effect that phishing attacks can have on the victim’s reputation.
The worst part about this form of reputational damage is that it may take decades for reports of the phishing attack to fade from public memory, causing repercussions to last for years.
Loss of customer trust
The next knock to an organization’s reputation is loss of customer trust. Confidence is critical in business; all brands are ultimately built on trust and it is not uncommon for organizations to have years of confidence built up with their customers. The reality is that phishing can cause an organization’s customers to have a steep drop in confidence.
For example, the compromise of Facebook user data in 2018 due to phishing caused the social media pariah’s valuation to plummet by $36 billion. Once a phishing attack has made victims of an organization’s customers, they are 42% less likely to engage in business with that organization.
Further lingering reputational damages
Reputational damages do not stop at the above flavors of damage. In fact, there are several ways in which lingering reputational damages can hurt an organization after the phishing attack. Phishers can access the contacts in a compromised email account and start sending messages to those contacts, which may damage the reputation of the organization employee who owns the account. When an organization is known to have fallen victim to phishing, a recent report has shown that email inbox placement rates fall by 10% with Gmail and 7% with Yahoo email.
Lastly, reputational damages may extend to partnerships with third-party vendors, which would be less likely to do business with a company that has a reputation for falling for phishing.
Conclusion
Phishing can be incredibly destructive for organizations, causing multiple different types of damage. One type of damage that should not be overlooked is reputational damage. Reputational damages can affect the organization’s brand image and the trust that its customers have in the organization, and can bring other lingering reputational damage caused by the phishing nightmare.
The best way for organizations to handle this issue is to provide a robust cybersecurity training program for their employees with a focus on phishing and recent phishing email trends.
Sources
What Damage Can Phishing Cause to Your Business?, Stage2Data
How Can Phishing Affect a Business?, Cybsafe
Phishing Attacks Pose a Serious Threat to Brand’s Reputation, IT Pro Portal
The True Cost of a Phishing Attack, Retruster