What is the financial cost of cyber attacks?
According to the World Economic Forum, the cost of cyber attacks varies based on the type of attack. For example:
- The average cost of cyber attacks due to malware: $1.4 million
- The average cost of cyber attacks due to Denial-of-Service (DOS): $1.1 million
- The average cost of cyber attacks due to malicious insiders: $1.2 million
- The average cost of web-based cyber attacks: $1.4 million
In addition to direct clean-up costs, these figures include costs that businesses incurred as a result of information loss and overall disruption.
Is there a hidden cost of cyber attacks?
Yes, in fact there are numerous hidden costs associated with cyber attacks. Hidden costs include internal upheavals (loss of talent), reputational damage, customer losses, declining stock prices, and more.
When cyber attacks target healthcare or hospital systems, the cost of cyber attacks can be calculated in health record compromises and IoT disruptions, leading to medication distribution errors, botched surgeries, and/or lost human lives.
Hidden costs of cyber attacks can have lasting effects on organizations and the businesses or people who they serve.
Should small-to-medium businesses (SMBs) worry about the cost of cyber attacks?
According to a study by the Poneman Institute, nearly 70% of SMBs experienced cyber-attacks within a 12 month timeframe. Some SMBs note that they do not know how to protect their business from attacks, potentially leading to excessive attack clean-up costs.
Research indicates that SMEs often severely underestimate the financial costs associated with a potential cyber attack.
How can organizations potentially mitigate the cost of cyber attacks?
Ninety-two percent of IT leaders assert that better IT governance leads to better economic outcomes in the face of cyber risks.
Your organization may want to invest in threat intelligence programs. These enable C-levels and IT professionals alike to stay up-to-date regarding attacks affecting similar industry groups, and can keep everyone more informed when it comes to attack outcomes. In turn, this information can assist organizations in deciding which new security tools to purchase, potentially lessening any attack damage, and any associated attack clean-up costs.
When an organization’s C-levels strengthen ongoing communication, cyber prevention strategies can be finessed. For instance, one leader may be aware of business resources in need of protection that others may not have known of. When leaders communicate well, IT professionals can more aptly implement protections, resulting in fewer successful attacks, and a cyber security infrastructure that may be able to mitigate attack damage (and subsequent costs).
If your organization works with third-parties, find out what types of cyber threats they’re likely to face. Ensure the appropriate transfer of risk, as available via cyber insurance. Third-party breaches are the most costly type of beach.