OPINION:
Clearly, it is an egregious violation of today’s social norms to “shame” someone for being overweight, as HBO talk-show host Bill Maher can surely attest. (The uproar over Mr. Maher’s advocacy of fat-shaming was covered everywhere, from The New York Times to the BBC.)
Other forms of shaming are equally taboo; a few months ago, Mayor Rick Kriesman of St. Petersburg, Florida, angrily decried “fan-shaming” St. Petersburg’s residents for the Tampa Bay Rays’ paltry home attendance. Perhaps this ought to be expected; after all, we are living in culturally-sensitive, more-tolerant times.
But there’s still one victim group that society shames repeatedly — and with near-total PC-impunity: Businesses victimized by cybercrimes.
If a brick-and-mortar restaurant was ransacked overnight, and burglars stole their files and equipment, most people would be filled with compassion for the poor restaurant owner. In fact, the patrons who ate there the most would likely be the most outraged.
But if the same restaurant was victimized by cybercriminals and the bank says there might be a problem with a credit card, the same people’s default-settings is to blame the restaurant: “How dare they expose my data like that! I’ll never eat there again!”
It’s almost the exact same situation, but it’s become culturally acceptable to respond in dramatically different ways.
There is a long (and deplorable) history of “victim-blaming” in the United States. Victims of sexual assault were all-too-often “slut-shamed” in court and socially stigmatized outside of it, which led to the introduction of rape-shield laws and other legal protections. More recently, the #MeToo movement and sweeping cultural headwinds have made it very clear that the days of blaming the victims are, at long last, finally over — because it’s the perpetrator who is responsible for his or her actions.
Except, of course, when it comes to cybercrime victims.
Obviously, businesses don’t want to get hacked. More often than not, they’re legitimately trying their best. But this tech-stuff is complicated. Criminals are sneaky and ridiculously persistent. Fraud tactics and crime trends are constantly evolving, and geography is meaningless.
This is a global financial threat unlike anything we’ve ever seen in the history of international economics. But the problem is, by shaming businesses into silence, we’re incentivizing them to hide their cybersecurity problems.
That’s the polar opposite of what we want.
To stop future cybercrimes, we need their data. We need transparency. We need these scams to be reported.
Today, 99 percent of all American firms and companies are small businesses: Nearly 90 percent have less than 20 employees, and roughly 40 percent reported an annual revenue of under $100,000. Globally, 43 percent of all cyber attacks target small businesses, and 60 percent of these companies will go out-of-business within six months of a cyber attack.
Small businesses are especially vulnerable to cybercrimes because their operational margins are so narrow.
Amazon, Apple and Google might get all the headlines, but it’s small, privately-owned American businesses that really run our economy. But because they’re small, they don’t always have the resources to withstand the reputational hit. According to a survey, less than half of respondents would forgive a company for a data-breach. Ask yourself, how many businesses, large or small, are so secure and successful that they could jeopardize losing over 50 percent of their customers?
We should stop socially-shaming the victims and redirect our energies to safeguarding our networks, IT processes and financial technology. In other words, we should be foster a new cultural paradigm, where we rally and support cyber-victims, and learn whatever we can from the data they provide.
Some cybercrimes are random. An e-store that’s been breached might actually have superior security to one that hasn’t. That’s why we shouldn’t make kneejerk judgments about a store’s culpability. But in order to protect everyone, we need accurate data. And that just won’t happen if companies are too ashamed to self-report cyberattacks.
That doesn’t mean, however, that businesses are absolved of all culpability.
If a business is going to handle our financial data, we expect them to take all reasonable precautions to protect our information. That’s a given. But it’s unfair to expect anything to be 100 percent foolproof, especially when even the biggest, wealthiest companies, countries, celebrities, sports franchises and international organizations are still getting breached every single year. It’s utterly irrational, and it’s creating a culture of silence. What we want is a culture of openness.
After all, when it comes to cybercrimes, it’s less about any one particular store and more about our entire, top-to-bottom e-commerce ecosystem.
Cybercriminals are highly opportunistic. When a cyber-scam is successful against one company, it’ll be used again and again and again. That’s what cybercriminals do. In a way, our small businesses are the canaries in the coal mines. But instead of heeding their warnings, we’re shaming them for the “crime” of getting sick. It’s crazy, and it’s got to stop.
• Monica Eaton-Cardone is the owner, co-founder and COO of Chargebacks911, the first global company dedicated to preventing chargeback fraud, eliminating cyber-shoplifting and safeguarding the “eCommerce experience” for merchants and consumers.
Please read our comment policy before commenting.