Puckett 1

Victoria Puckett
Allene Nichols
RHET 1302.032
12 December, 2012
Confidence in Information Security
A major tool used by firms to make successful decisions is information. Businesses utilize
information about new technologies, competitors, and most importantly, current and target consumers
to reach well rounded conclusive decisions. The increase in the amount of technology businesses use to
operate and collect data has resulted in a rise in the amount of sensitive information firms have the
ability to collect. Consequently, information security has become pivotal, not only in keeping our society
comfortable, but also in promoting a businesss success. Strong information security is a prominent
factor in promoting consumer confidence in a firm which can greatly influence their performance.
There is no question that technology has become an integral part of businesses since the
introduction of computers and the internet. These new technologies exponentially increase the amount
of information firms can collect, store, and use, creating the concept of information technology. Though
the use of this information can increase innovation, productivity and efficiency, the data is usually very
sensitive material that can have strong negative impacts on firms if leaked or stolen. The protection of
confidential information is now an engine of global enterprise (Brown). Richard Brown, a leader in
technology and security risk for Ernst & Young, referred to information security as one of the core
business and organisational enablers (Brown). Brown acknowledges that information security is
important for keeping a business effective and running smoothly. Yet, amid the mass of critical data and
the many security acts and regulations passed, a security breach has the potential to bring financial ruin
and loss of integrity to a business (Brown).

Puckett 2
There are many types of information security breaches. Some major types of breaches that
affect businesses include stolen company property or information, hacking, and missing back up
information (Cate). Fred H. Cate outlines different types of security and how and why they occur in his
report on Information Security Breaches and the Threat to Consumers. Cates report shows that 55%
of security breaches that occur fall into the lost or stolen data category. Contrary to what the public
often believes the report shows that the majority of information security breaches are accidents, rather
than the result of deliberate attacks, and many are not so much breaches as incidents in which data
may or may not have been compromised.. Unfortunately, if customers know that their personal
information has been lost it will have negative backlash on the company, even if it causes know harm to
the consumer directly.
The protection of information, or the lack thereof, has two major effects on a company: the
tangible effects and the intangible effects. According to Anita D. DAmico, the tangible effects include
things that can be measured and usually regard monetary effects such as how much business is being
received, productivity of IT staff, money lost trying to fix breaches, public relations, and liabilities for
breaches in law. DAmico cites that the cost computer companies spend on standard security breaches a
year is approximately $972,000. For internet based companies the risk is even higher. Ashlish Garg
states that It is estimated that the average publicly listed company loses between $17 million and $28
million per IT security incident (Garg). Contrary to tangible effects, the intangible effects include things
not so easily measured which ultimately boil down to the consumers confidence in the business
(DAmico). Though the tangible effects are more easily seen and calculated, the intangible effects make
a huge impact on the overall success or failure of a business in the long term
The loss of integrity of a business is a major part of the intangible effects of a security breach
and can be seen to directly affect consumer confidence. Businesses hold a great amount of information
on their customers, including credit card and bank information, shopping habits, health records, and

Puckett 3
social security numbers. When this information is stolen or damaged, consumers can be victims of
numerous forms of identity fraud (Cate). Not only will this ruin the credibility of the firm in the eyes of
the ones directly affected by the breach in security, but others who hear of the breach will associate it
with the firm. As a result, firms will lose out on new customers decreasing their financial gains in the
long term (DAmico). The loss of confidence in a business that had a security breach was outlined by a
study carried out by Masaki Ishiguro, Hideyuki Tanaka, Kanta Matsuura, and Ichiro Murase on the effect
media exploitation of a companys security breach has on the stock market. Through the study they
determined that Japanese market reacted much slower than the American market to newspaper articles
discussing breaches. The study found that the Price Book-value Ratio (a ratio of intangible assets to
tangible assets) made the largest impact on how the public reacted to a security breach (Ishiguro). This
trend has also been traced in the U.S. In exhibit 1 of Ashish Gargs study you see how, on average,
American company stocks dropped dramatically after a series of security breaches (Garg).
The previous examples show how important it is to keep the credibility of a firm intact in the
eyes of consumers. Christos Dimitriadis outlines the three underlying duties of IT departments to keep
consumers trust intact. First is business integrity, which assumes that businesses will refrain from
illegally manipulating data. Second is customer asset protection, which ensures that customers trust an
organization to secure their financial assets. Third is customer privacy, which is crucial in getting
customers to feel comfortable sharing the data necessary to carry out transactions with a firm
(Dimitriadis). Businesses such as Pay Pal have become highly successful solely on insuring that other
businesses abide by these three factors, demonstrating the importance of security to consumers.
Not only is it important that firms keep their customers information reliable and secure, but it is
just as important to keep their services available (Dimitriadis). Though information security and the
availability of a firm to conduct business might not seem to go hand in hand, information security plays a
pivotal role in allowing most companies to provide their services. Today, a majority of companies thrive

Puckett 4
off of, or are based solely off of, the internet. Security breaches, such as hacking or altering a company
website, can put the productivity of a company at a complete standstill. The same can be said regarding
software companies, or companies that utilize a specific type of software to function. If the data on
company computers is stolen or damaged, company productivity is greatly hindered and result in the
loss of resources and customer satisfaction.
It is evident why a company would increase information security to prevent the tangible effects
of a security breach (financial loss), but why should a company care about the intangible effects of a
security breach? Companies should care about the intangible effects because it allows them to maintain
consumer confidence levels. A lack of consumer confidence in a company is a lethal blow. Without
consumer confidence a company has no one willing to do business with them. As claimed by Christos
Dimitriadis, Organizations have to be trusted to achieve customer acquisition and retention, which
directly affects their revenue. Not only do security breaches result in a company losing current
business, but it will also deter potential business as well. The study held by Masaki Ishiguro, Hideyuki
Tanaka, Kanta Matsuura, and Ichiro Murase and exhibit 1 included in Ashish Gargs study demonstrates
the effect of information breaches on companies. These studies reiterate the fact that not only
investors, but consumers will lose confidence in companies after security breaches if not handled
properly. This does not mean that minute information security breaches will be an end all for a
company, but a massive breach or series of breaches that occur as a result of a companys negligence or
lack of proper security measures will hinder a companys performance. Contrarily those businesses that
secure a track record of being reliable and properly deal with any security breaches that may occur
prosper in credibility and, as a result, sales. For example, Microsoft and Staples saw little to no backlash
after the series of breaches in 2000 (Garg). This is due to their credibility as companies. Consumers
regard companies, like Microsoft, as being safe and reliable because they strategically handle any

Puckett 5
security breaches without compromising consumer satisfaction. As a result, such companies are less
likely to see significant consumer fallout due to a breach.
Recent changes in technology over the past decades has greatly impacted the way business is
carried out and has built the platform for an entirely new company department, information
technology. The addition of new resources that promote efficiency and productivity of businesses has
introduced new threats to companies. The ability to hold massive amounts of information has made
firms liable for any sort of theft, loss, or damage of this information. As a result of these factors,
consumers look at how safe a company is with information when judging the credibility of a company. A
business who protects consumers assets, keeps sensitive information secure, and keeps the integrity of
their information intact is one a consumer can be confident in, and will return to. Thus, there is a
positive relationship between a companys information security and consumers confidence which
attracts more people to utilize the service, promoting the businesses success.

Puckett 6
Works Cited
Brown, Richard. "Information Security Means Better Business." Computer Weekly. TechTarget, Oct.
2006. Web. 29 Nov. 2012.
Cate, Fred H. "Information Security Breaches and the Threat to Consumers." Electronic Banking Law and
Commerce Report (2005). Web. 29 Nov. 2012.
DAmico, Anita D. "What Does a Computer Security Breach Really Cost?." Secure Decisions. Applied
Visions, Inc, 7 Sept. 2000. Web. 29 Nov. 2012.
Dimitriadis, Christos. "Information Security from a Business Perspective." IT Business Edge. Quin Street,
9 Feb. 2011. Web. 29 Nov. 2012.
Garg, Ashlish. "What Does An Information Security Breach Really Cost? Evidence And Implications."
Information Strategy: The Executive's Journal 19.4 (2003): 21. Business Source Complete. Web.
29 Nov. 2012.
Ishiguro, Masaki, Hideyuki Tanaka, Kanta Matsuura, and Ichiro Murase. "The Effect of Information
Security Incid." I3P. Washington, DC. 23 Oct. 2006. Web. 29 Nov. 2012.