Ransomware Defections. PHOTO: Cybercrime Magazine.

Ransomware and Your Reputation: 3 New Insights on When Your Customers Walk Away

Are you prepared? Many are not.

Leslie Keil

Eden Prairie, Minn. – Jun. 2, 2020

Cyberattacks have crippled organizations with six-figure costs in unplanned downtime, ransoms paid, and hardware replacement or repairs. The media has widely reported their devastating impacts and, today, most within the IT community understand the high stakes. What’s not understood, however — and what organizations rarely discuss — are the quantifiable immediate and lasting effects of ransomware on consumer purchasing behavior and brand loyalty.

In the aftermath of a cyberattack, when will consumers say enough is enough? How does ransomware really shape long-term trust and the perceptions of those that unwittingly fall victim to malicious activity? Arcserve research answers these questions (and more), uncovering new links between cyberattacks and customer tolerance.

Are you prepared? Many are not. But perhaps these insights will encourage your organization to approach cyber readiness differently, or risk inadvertently driving sales to a competitor that will.

Insight 1 – Your business is likely not doing enough to instill customer confidence

Today’s competitive landscape offers an overwhelming number of choices, with many consumers forgoing traditional brick and mortar to transact business online. This is good and bad news for organizations with an online presence (so, basically everyone), because 70 percent of consumers believe businesses aren’t doing enough to adequately secure their personal information and believe it’s been compromised without them knowing it.

Despite sweeping data privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) meant to protect consumer data, organizations continue to experience cyberattacks that result in data breaches, massive data loss, long-term downtime, and exorbitant ransom payments.

The hospitality and healthcare industries have been prime targets for cyberattacks, with cybercriminals exposing data ranging from personal and banking information to treatment records. For example, an attack on Marriott hotels resulted in a four-year-long security breach that exposed the personal details of 500 million hotel guests. And, when a Michigan healthcare organization fell victim to a phishing campaign, cybercriminals quietly gained access to patient data for two and a half months. 

As consumers become more educated and cyberattacks become well-known, organizations may need to consider alternative approaches to put customer minds at ease.

Insight 2 – Trust trumps quality and service

Trust is a tricky thing. And once it’s gone, it can be hard to regain.

Consider the after-effects of the REvil attack on Travelex, a UK financial institution. Not only did cybercriminals demand $6 million in ransom, but they also claimed to have consumers’ personal and credit card data. Travelex took its IT systems and websites offline for more than three weeks, reverting airport currency exchange kiosks to pen and paper — leaving customers “in limbo.”

In the end, the hacker group encrypted the entire Travelex network, deleted backup files, and exfiltrated 5GB of personal data despite Travelex paying a ransom of $2.3 million bitcoin.

These scary scenarios can, and do, happen — often causing customers to think twice about whether an organization can adequately protect data. In fact, 93 percent consider whether a business is trustworthy before purchasing and 59 percent would likely avoid doing business with a company that experienced a cyberattack in the past year alone.

Given that it’s becoming increasingly hard to keep attacks quiet, these findings suggest organizations must act quickly to prevent potential, and current customers, from exiting stage right.

Insight 3 – You may be hand-delivering customers to your competition

A single service disruption, failed transaction, or instance of inaccessible information feels like a lifetime. So, if your organization experiences ransomware-related downtime, consider one of every four customers gone.

Driven largely by instant gratification and evolving global conditions, consumers are going online more than ever before. But when a company is forced to take systems down following a breach, patience quickly runs thin.

Over 66 percent of research respondents would turn to a competitor if an organization couldn’t restore systems and applications within three days following a cyberattack. Over a third of those would be willing to switch after a mere 24 hours of waiting to access their information or make a transaction.

Simply put, more than half of consumers won’t wait while an organization figures out its recovery and remediation plan after-the-fact.

The traditional approach to cyber readiness is no longer enough

Organizations often take a piecemeal approach to cybersecurity and data protection, compartmentalizing these functions and processes with different budgets, solutions, and vendors. And, in the wake of rushed transformation and fragmented environments, this only adds to the chaos and confusion that leads to vulnerabilities.

Your work has never been more critical — but it can be easier. Instead of the “wait and see approach,” you could:

  • Deploy immutable backups for on-prem, cloud, and SaaS-based workloads;
  • Detect and prevent cyberattacks with AI-powered cybersecurity;
  • Rapidly respond and remove threats; and if needed,
  • Restore quickly by spinning up copies of physical and virtual systems onsite and offsite, or in public and private clouds.

Instead of the “wait and see approach,” you could fully integrate your cyber and data protection for a first and last line of defense against threats and data loss. Learn about multi-layered cybersecurity and data protection for your business.

For more insights, read the full Arcserve report Ransomware’s Stunning Impact on Consumer Loyalty and Purchasing Behavior.

Arcserve Archives

Leslie Keil is Vice President of Brand, Demand, and Communications at Arcserve where she’s responsible for leading the organization’s global demand and communications strategy to accelerate growth in alignment with Arcserve’s strategic interests. With over 15 years in B2B and B2C innovation, she’s passionate about fueling awareness for market-disruptive technology.


About Arcserve

Arcserve provides exceptional solutions to protect the priceless digital assets of organizations in need of full scale, comprehensive data protection. Established in 1983, Arcserve is the world’s most experienced provider of business continuity solutions that safeguard multi-generational IT infrastructures with applications and systems in any location, on premises and in the cloud.

Organizations in over 150 countries around the world rely on Arcserve’s highly efficient, integrated technologies and expertise to eliminate the risk of data loss and extended downtime while reducing the cost and complexity of backing up and restoring data by up to 50 percent.

Arcserve is headquartered in Minneapolis, Minn. with locations around the world. Explore more at Arcserve.com and follow @Arcserve on Twitter.