Interbrand’s valuation experts estimated the impact of a breach with scores from its flagship property Best Global Brand (BGB) 2020 as a benchmark to estimate and simulate the value at risk for a brand in the event of a data breach.
Interbrand used three parameters to assess the risk – a financial forecast that captures consensus estimates of future revenues and future profits on which valuation is built, the role of brand in the purchase decision, and brand strength. The study found that technology, financial services, and automotive might suffer a higher brand value at risk from data breaches, whereas luxury brands and consumer goods face greater value at risk as a percentage of their net income.
Tech brands top the chart with $29 billion in brand value risk they might carry in an event of a data breach due to the ubiquity of tech in our everyday lives. Consumer goods and automotive companies carry up to $5 billion and $4.2 billion of brand value risk respectively. And financial services might end up with an exposure of $2.6 billion brand value risk.
Vishal Salvi, chief information security officer & head cybersecurity practice in Infosys, said the rapid adoption of digital and accelerated migration to the cloud is making digital security an important foundation for stakeholders to have trust in the system. “We know that rapid innovation, adoption of open source, agile and remote work, are creating a large and complex attack surface. There is definitely a need to bring in ‘secure by design’ because security as an afterthought is going to lose the war.” It also reinforces the need for CISOs to engage with the board and build a robust governance ecosystem to safeguard their brand value and reputation, he said.
Ameya Kapnadak, chief growth officer (India) at Interbrand, said there’s a fundamental shift in how brands engage with their customers. “Cybersecurity was seen to be hygiene and any estimates on the cost of data breach tended to be on revenue loss, customer loss and then there is the cost to rebuilding the business and tackling legal fines. These shifts underscore the need to re-evaluate ‘hygiene’ aspects of customer experience, like cybersecurity,” he said.
Salvi said CXOs and CISOs understand cybersecurity risk from a different lens and talk about reputational impact, but have always found it difficult to quantify it. “We are giving them a diagnostic data point which gives them a method to evaluate cybersecurity risk in future,” he added.