There is a risk of allowing the theoretical to remain theoretical and not become practical. Equifax learned that lesson the hard way this week as they had their company outlook lowered by Moody’s. The rating firm cited cybersecurity issues at Equifax as one of the chief reasons for the downgrade.
“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Joe Mielenhausen, a spokesperson for Moody’s. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.”
While it may be unique to see a $690 million fee assessed to a data breach (more regulatory and civil fines may be coming), there is an important lesson to be learned from Equifax and how a very real cybersecurity event has caused actual financial harm to the company and its shareholders.
Since the beginning years of managed services, MSPs have been trying to figure out how to communicate the value of effective IT management practices. I remember early on how some MSPs would post MSP calculators on their websites in an attempt to convince customers why taking care of their IT resources was important.
Security seems to have put an exclamation point behind that theme. Today, nearly everyone is aware of the security threats facing companies of all types throughout the world. I think the issue we face today is how bad can it get. It can get a lot worse, and probably will.
The Equifax Lesson
If there is a lesson to be learned from Equifax, it is this: there will be an impact on your business in the event of a cybersecurity breach. Data breaches like Equifax come with plenty of headlines and regulatory fines. While not every company is subject to a Moody’s credit rating score, every business is subjected to basic responsibilities and rules when it comes to managing the IT assets and data they handle. Nobody is absolved of the risks associated with data privacy and security.
For MSPs, the opportunity (and responsibility) is to talk to customers and convince them of their responsibility to the data and IT systems they control. Most companies are unlike Equifax in the sense that they would not be able to survive a catastrophic security breach. If customers look at the Equifax story, they should not conclude that security breaches are survivable. Instead, companies should say, how do we avoid what happened to Equifax.