Reputations on the line as "huge proportion" of organisations fail to do the basics

A report released by the NCSC has revealed that a ‘huge proportion’ of UK businesses are failing to implement the security basics, putting their reputations on the line.

The report showed that 43% of all UK businesses suffered a breach over the last 12 months, with the most common method of attack being fraudulent emails.

Click here to view the security basics.

A cyber-attack can severely damage an organisation’s reputation. Efforts can be made to mitigate a breach, but once news of it gets out to the public, the next phase of damage control begins.

After all, would you trust a company that’s been breached with your personal data?

Damaged Trust, Damaged Income

If you get a reputation for being insecure, then consumer trust will decline.

This can result in less business, less income, fewer profits and ultimately the prospect of job losses.

In this age of cyber threats, one breach can perhaps be forgiven, but if an organisation is repeatably breached and proven to not have taken any remedial action, then the reputational fallout is likely to be huge.


The National Health Service (NHS) recently received criticism for not implementing 22 recommended cybersecurity measures a year after it was hit by the WannaCry ransomware attack.

Adding to its woes, the organisation was in the news again in April after an NHS website hosting data from patient surveys was defaced by hackers.

The NHS is an interesting example as millions of people depend on its services and there are few alternatives. If a company that was selling goods and services made similar headlines would people still use it?

The Damage is real

There are many examples of large organisations suffering the fallout from cyber attacks. Here’s just a few from the past few years-

  • Year: 2014
  • Who: JP Morgan Chase
  • What happened: Hackers gained entry to JP Morgan’s systems after an employee fell victim to a phishing attack that compromised their user credentials. The hackers stole the details of 83 million of the banks customers.
  • Impact: The reputational damage was high and JP Morgan pledged to double its cybersecurity spending to £311 million as a result of the breach.


  • Year: 2015
  • Who: Ashley Maddison
  • What happened: Hackers leaked the personal details of users of the notorious dating site Ashley Maddison. The hacked information was used to blackmail high profile users and expose their infidelity.
  • Impact: Aside from a few divorces and payments to blackmailers the biggest cost was to Ashley Maddison’s already dubious reputation and the reputations of those exposed.


  • Year: 2015
  • Who: Carphone Warehouse
  • What happened: A number of security failures resulted in hackers compromising the details of 3 million customers. It was shown that the company was running unpatched software, had no antivirus on servers and up to 30-40 members of staff shared the same password and login details.
  • Impact: As well as other costs, the Information Commissioners Office (ICO) fined Carphone Warehouse £400,000. The negative publicity harmed the company’s reputation amongst customers.


  • Year: 2015
  • Who: TalkTalk
  • What happened: A 15-year old boy hacked TalkTalk leaking 157,000 of its customers details.
  • Impact: Aside from massive reputational damage that resulted in the loss of 101,000 customers, the breach cost the company millions in fines and the introduction of new cybersecurity measures.

Be Honest

An organisation's reputation can be damaged not only as a result of a cyber attack but by the way they respond to such incidents. It’s best to be open and honest about what has occurred as if you’re caught trying to cover it up or lie about an incident the blowback will be a lot worse.

Angry customers are likely to vent their frustrations via social media platforms. This can further damage a business's reputation and will most likely require the marketing team to take damage limitation measures. If you’re honest and transparent about an incident, then people are likely to be more forgiving. Proactive, timely and sufficient communication is key to this.


With the introduction of GDPR in May, the government is urging businesses to take the matter of cybersecurity more seriously. Organisations will have to report certain types of personal data breaches to a relevant supervisory authority and if the breach is likely to result in a high risk of impacting an individuals rights they too must be informed without delay. 


Reputational damage can also negatively impact on an organisation’s relationships with its suppliers, partners, investors and third parties. If your organisation is seen as insecure then building new relationships could be a struggle.

Schemes such as the governments Cyber Essentials Scheme can demonstrate that you take the matter of cyber security seriously.

It's not a matter of if, but when your organisation suffers a data breach. This may sound pessimistic, but sadly it’s the truth. However, there’s no need to despair as there are many things that all organisations can do to reduce the threat and limit any damage.

What can you do?

  • Regular scans of servers and vulnerabilities
  • Cyber awareness education
  • Implement the basics
  • Promote good cyber hygiene

If you can demonstrate that you take the threats seriously and have taken the right defensive steps, then the reputational damage can be limited and perhaps even turned to your favour.

For further reading visit –

Want to learn more about how CyberScore™ can help secure your business? Visit our website at and if you want to give yourself the very best protection against cyber security threats try out CyberScore™ for free now!

Follow us on FacebookTwitter and LinkedIn or sign up to our mailing list at