Target. Home Depot. JPMorgan Chase. Verizon. Yahoo. Arby’s. Dun & Bradstreet. America’s JobLink. Deloitte. Equifax…

The list of breached organizations stretches on and on and includes companies of all sizes and vertical markets — from the largest Fortune-class enterprises to the smallest SMBs.

Words like “data breach” and “hack” can start to seem less and less powerful, though, with each passing announcement. Cybercrime, in other words, is being continuously normalized through an effect called alert fatigue. Most business leaders are now well aware that cybercrime exists, but they aren’t as afraid as they should be because they see it in the news so often.

It’s time to wake up to reality.

The Internet is now one of the most dangerous places to do business on earth. And it’s getting more dangerous and unpredictable by the day, especially for companies in the New York City metro market (which is now the top target for ransomware).

If you choose to ignore cybercrime, it will be at your own peril. Understand that it’s a matter of when, not if your company will get attacked. It’s survival of the fittest, where hackers are preying on companies with weak cyberdefenses as they search for data and secrets that can be sold or extorted.

Here are 3 major reasons why you should fear cybercrime:

1. Cybercrime could destroy your company:  As we explained in a recent article, some industry experts are now calling for the corporate death penalty for Equifax in the wake of the company’s recent data breach which exposed the personal records of 143 million Americans. It’s a reminder that cybercrime can be a devastating blow to a company, especially for SMBs that lack the wherewithal to cover the expenses that arise following breach — like lost revenue, legal fees, lawsuits and more. We haven’t seen a huge corporation go under for cybercrime yet, but it regularly happens at the SMB level — you just don’t always hear about it.

2. Cybercrime could destroy your career: After a data breach, everyone from consumers and advocacy groups to attorneys and industry experts will want answers. And where do you think they will point their fingers —at someone like an end user in finance, who may have clicked on harmful link or used a weak password — or at the company’s leaders? Both answers are correct. Just look at what happened to former Yahoo CEO Marissa Mayer after her company’s cyberdisaster earlier this year. Mayer was denied a $2 million bonus, and had to forego her annual stock for her negligence.

Other CEOs who have been forced out of their positions include:

• Target CEO, President and Chairman Gregg Steinhafel (Resigned from all positions)
• Home Depot CEO Frank Blake (Retired shortly before the company’s high profile breach in 2014)
• Sony CEO  Amy Pascal (Fired for Sony’s December, 2014 data breach)

So executives and data center administrators, we’re talking to you: It’s in your best interest to build a strong cybersecurity culture in your organization. You may not always be able to prevent a data breach, but you need to make it a point to educate your employees and protect your network. It could save your career.

3. Cybercrime could alienate your customers: Customers are often required to submit sensitive data like Social Security numbers when making transactions. And they expect companies will  protect this data. So to a consumer, a data breach can signify more than just negligence but also a lack of respect for their privacy concerns. Understand that even if you do recover from a data breach, your customers may not stick around to see the results. In one study, 64 percent of customers indicated they are unlikely to do business with a company where their financial or sensitive information was stolen. And 49 percent of consumers are willing to take action against breached companies.

Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.

1.    Cybersecurity training must be done regularly.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.