If you’re in business, then you’re worried about phishing attacks, or at least you should be. But, even if you are worried about phishing attacks, there’s a pretty good chance you don’t understand the greatest threat of all to your company.

You probably think the worst thing that can happen from a phishing attack against your company is ransomware. Some hacker encrypts your data and you pay a ransom to get it back (or not). Or, maybe you think the worst thing that can happen is a data breach where your customers’ data gets exposed and you have to pay some sort of fine.

Those are all bad, and reason enough to avoid getting phished. Believe it or not, there’s something much worse that can happen. What could be worse? How about losing customers? Some of them forever. And if you lose enough customers, it won’t matter if you recover the encrypted data or pay the fine because you won’t be in business any more.

According to recent research conducted by PCI Pal, “In the US, 83% of consumers claim they will stop spending with a business for several months in the immediate aftermath of a security breach, and over a fifth (21%) of consumers claim they will never return to a business post-breach.”

It’s the same worldwide. In the UK, 44% of consumers will go away after a breach. In Australia 43% and in Canada 58%.

This research suggests there are some serious implications of a breach. There are two strategies every organization should employ to address them. First, and most obvious, is to avoid getting phished in the first place. With a combination of employee awareness training and cloud-based email security, companies can almost eliminate the possibility of getting phished.

Second, “companies should adequately prepare themselves for the increasing likelihood that a data breach will inevitably occur.” No matter how good your defenses are, there will always be greater than 0% chance of getting phished. Hackers are just that good. And so the thing to do is to prepare ahead of time for such a situation.

According to the report, there are “several steps companies can take to regain consumer trust, before and after a data breach, such as undergoing regular security audits or announcing compliance with data privacy regulations.”

The time to prevent and prepare for a security breach is right now. Get your employees trained up. Get those audits scheduled and those privacy regulations in place. And most importantly, protect your company using cloud-based email security with Advanced Threat Defense by Phish Protection.