Your request has been received.

WHAT IS THE BUSINESS IMPACT OF A CYBER INCIDENT?

Posted on August 10, 2017

Business leaders are being tasked to protect their organizations by proactively taking steps against cyber attacks and data breaches.  It’s important to understand the full impact of cyber crime in order to make decisions about allocating resources to combat it.

The most recent figures on the average cost of a data breach put the total costs at an average of $4 million or $158 per lost record.

The obvious costs include:

  • Cyber forensics to determine what happened, how it happened, and who was affected
  • Cost of notifying affected parties
  • Cost to provide credit monitoring to affected parties
  • Remediation of the incident, including improvements to cybersecurity
  • Regulatory fines if the data was protected by compliance mandate(s)

However, there are other “hidden” costs of an incident, and these costs can surpass the obvious ones, but are harder to quantify.  They can include:

  • Increase to insurance premiums – As with any coverage, once you use it, your premium is likely to increase and stay higher for years to come.
  • Gap in protection of insurance – Most cyber coverage has exclusions.  Some do not cover cost of notifications, and many do not cover regulatory fines.
  • Loss of business due to downtime from the incident, and then from reputational damage – While you may know the average cost for your business to be down for a day, it is much more difficult to calculate the impact to your customer relationships or lost potential customers due from the publicity of a breach.
  • Loss of intellectual property – What happens if your “secret sauce” information or customer list is made public?  Imagine the advantage that could give your competition.
  • Litigation – Lawsuits are becoming almost inevitable if data that you are entrusted with is exposed. The potential exposure to your business is even worse if it is proven that you did not take prudent steps to evaluate and mitigate risk or meet compliance requirements to protect sensitive data.

Large enterprise can ride out the reduced earnings, drop in stock value, and less favorable rates for insurance and borrowing.  Can your business afford not to take steps to assess your risksand minimize the impact?