The Hidden Costs of a Cyber Attack: What You Need to Know

A cyber crime is simply defined as a particular type of criminal activity that is carried out A) by a computer and B) over the Internet. If you've ever had a work computer struck by a virus, have had an unauthorised intrusion into your network, or have fallen victim to a ransomware scheme, you’ve already experienced  a cyberattack whether you realised it or not.

Not only is there an increasing prevalence of cyber crime as technology continues to advance, but businesses in particular are becoming key targets for hackers with each passing day. According to one study conducted by the Identity Theft Resource Center, more than 29 million records were exposed in 858 different breaches in one year alone. Another study revealed that a massive 50% of small and mid-sized businesses in particular had at least one cyber attack or other security breach incident in 2016. 

While it's certainly no secret that big financial losses are associated with a cyber attacks, a recent study conducted by Deloitte found that the hidden costs behind these attacks were actually far more significant than the direct and more easily anticipated ones. They described an average cyber attack as something of an iceberg. The ‘above-the-surface’ costs are usually those that involve a technical investigation, attorney fees and litigation, public relations, cybersecurity improvements and more.

The ‘beneath-the-surface’ costs, on the other hand, are an entirely different story. Many experts —like those at QBE insurance — agree that the media drastically underreports the real costs of cyber attacks on businesses in particular. This leads to certain slow burn costs that linger long after the attack has happened, both financially and non-financially speaking.

These hidden, non-financial or otherwise less visible expenses contribute to the REAL cost of cyber crimes around the world, which is expected to reach a staggering $2 trillion by 2019.

The Impact on Your Operations

The most immediate hidden cost of a cyber attack ultimately comes down to the impact that it has on your operations. Any type of security breach, regardless of how small, will almost certainly lead to downtime. According to one study, a full 98% of organisations say that a single hour of downtime ultimately costs them over $100,000 in lost productivity, maintenance and repairs, and other costs alone. This is nothing compared to what you'll have to pay for maintenance, upgrades, etc.

But you also have to consider the data that has been damaged, stolen, or otherwise lost to the point where it isn't coming back. Consider all the work your employees did on those critical projects that simply evaporated into thin air. These are the very real costs that could take years for your business to recover from - if you're able to do so at all.

The Lost Value of Customer Relationships and Your Reputation

Another one of the slow burn costs that will linger long after a cyber attack has taken place involves the lost value of certain customer relationships that you once had. Simply put, once you've been the victim of a security breach (and customers know that their personal information has been compromised), even once loyal clients are going to think twice before doing business with you again.

Some of those relationships will be gone forever or, at the very least, broken beyond repair. Customer lifetime values will drop across the board and, sadly, there isn't much that you can do about it — at least in the short-term. 

This plays directly into another related cost — the overall devaluation of your brand name and/or your reputation. In no uncertain terms, you must understand that there is no brand on Earth strong enough to sustain the aftermath of a cyber incident that was handled poorly to begin with. Target, for example, is estimated to have paid out $145 million after its high profile breach in 2014.

It took them almost an entire year to even get to the point where they could begin to repair customer relationships and they still suffered massive launches, shutting down all of their stores in Canada as a result. The retail giant's profit took a 46% dip in the fourth quarter of that year alone and it is still in the process of recovering.

Insurance Premium Increases

You also need to think about insurance premium costs both in terms of your typical business insurance and specialised coverage designed specifically for cyber attacks. Both costs will absolutely soar in the aftermath of a breach and now that you're a high risk client, the chances of you getting them reduced again are slim.

Even if you had cyber insurance, it's very likely that what you could previously afford isn't enough to cover the damages for the attack you just faced. Many insurers limit their amount of coverage to $100 million, and many high profile attacks can easily cost twice that or more.

Regulatory Fines and Related Costs

Last but not least, we have regulatory fines and other related costs — something that is relevant to Australian businesses in particular due to legislation that is set to go into effect in February. If a business is found guilty of suffering from a data breach but failing to inform the public within an appropriate amount of time, the organisation itself could be liable for up to $1.8 million in fines and directors could face individual fines of up to $360,000 per breach. 

This means that in addition to all of the aforementioned costs that you will almost certainly have to deal with, if you fail to properly notify your customers that a data breach has occurred (something that itself already costs money), your expenses will balloon in a very significant way.

Powernet: Your Partner in Proactive Cybersecurity

With stakes as high (and as expensive) as these, it's very clear that cybersecurity is something that business owners everywhere need to properly address at all costs. A reactive approach to security, meaning that you sit around and wait for something to happen before jumping into action, will no longer cut it. Only a proactive, preventative security focus will be enough to protect your organisation into the next few years and beyond.

If you'd like to find out more information about the hidden costs of a cyber attack, or if you'd like to learn what you can do to help make sure that these are the types of expenses your organisation doesn't have to deal with, don't delay — contact Powernet today.