The Real Cost of a Cyber-Attack on Your Business
The announcement of the cyber-attack on U.S. health insurer Anthem is just the latest in a long line of cyber-attacks on the likes of eBay, Home Depot, JPMorgan Chase, Neiman Marcus, P.F. Chang’s Restaurant, Sony Pictures Entertainment, Staples, Target, and the list goes on…and on…and on.
Having spent many years in the technology industry working to safely manage, store and protect electronic records, safeguarding company, employee and customer information is important to me.
It's also important to understand the true cost of cyber-crime and the fact that small and mid-size companies are actually more vulnerable to an attack than the large, well-known companies we hear about on the news every day.
Cyber-Attacks by the Numbers
The 2015 Global State of Information Security Survey® conducted by PwC presents eye-opening data collected from over 9,700 business, IT and security executives. The survey revealed that the total number of security incidents discovered by its respondents in 2014 was 42.8 million – or a total of 117,260 per day. That is a 48% increase over the previous year.
It’s no surprise that with security breaches reported by companies the size of Anthem, Sony and Home Depot, companies reporting financial losses of $20 million or more grew by 92% over 2013.
Smaller companies are certainly not immune. The cost of mitigating and managing data breaches is being shouldered by companies of all sizes. Here are the average financial losses incurred as a result of one cyber-attack.
Small companies with revenue of less than $100 million incur a $0.41 million loss.
Mid-size companies with revenue between $100 million and $1 billion incur a $1.3 million loss.
Large companies with revenue greater than $1 billion incur a $5.9 million loss.
It’s important to remember that these cyber-attack stats reflect only those incidents that have been reported. Many small and mid-size companies are unaware of security incidents affecting their businesses because they haven’t implemented information security measures. They believe their companies are too small or irrelevant to be targeted by hackers. As a result, the attacks go unreported.
Do you feel the same way? Have you implemented security measures to protect your company, employees and customers?
Being unable to detect threats leaves you completely exposed to hackers who often target smaller companies as an easy way to gain an electronic entry point into larger companies with whom they are partners.
The financial cost of a cyber-attack.
When calculating the financial loss of a cyber-attack on your business, it’s important to think outside the box. The implications can go far beyond monetary losses and computer downtime. This is particularly true for small companies since one well-orchestrated cyber-attack has the potential to quickly put a business out of business. Here are some items you must consider when calculating the total cost of a possible data breach on your organization.
Additional expense of credit monitoring and identity protection services provided to customers.
Loss of current and future revenue from existing customers.
Government fines associated with violation of industry regulations.
Legal defense fees associated with litigation.
Cost of insurance and implementation of electronic countermeasures to detect future attempts.
Damage to your company’s brand and reputation in the market.
Prolonged court cases which distract from business focus.
Theft of company secrets or intellectual property including manufacturing processes, competitive intelligence, company growth plans and strategic initiatives.
Loss of focus on product development/competitiveness while time is spent cleaning up the mess.
Protecting your business from cyber-attacks.
While many of the widely reported attacks are perpetrated by external hackers or even teams of cyber-criminals financed by foreign governments, some of the most damaging incidents of cyber-crime are actually initiated from within a company. The U.S. State of Cybercrime Survey, cosponsored by PwC, the United States Secret Service, CSO Magazine and CERT Division of the Software Engineering Institute at Carnegie Mellon University, said that almost one third of respondents reported that insider crimes were actually more costly than those committed by outsiders.
This doesn't mean that your employees are out to rip you off. The vast majority are simply unwitting culprits. The widespread use of employee-owned mobile devices for work-related activities, better known as BYOD (Bring Your Own Device), and the use of social networks like LinkedIn, Twitter and Facebook, where large amounts of personal information about jobs, colleagues and other business connections are shared, give hackers the tools they need to infiltrate and exploit a business’s weaknesses.
Lost or stolen laptops, tablets or smartphones are ripe for hackers, especially if weak or no passwords are used. Former employees may also be able to reenter a company’s network through their own devices if their employer has forgotten to delete the password they used to gain access to company records.
The intersection of our personal and business lives and the fact that we now live in an always-on, always-connected, work-anywhere-at-any-time world requires a new level of data security.
The Bottom Line.
As business executives, we’re focused on growing our businesses, not running IT departments. But cyber-crime is not just an IT issue to be ignored by the C-Suite, nor is it only felt by large retailers, financial firms, banks or healthcare institutions. Being proactive in implementing a company-wide strategy to prevent cyber-attacks is critical to businesses of all sizes and industries.
Do you have a strategy in place to protect your company? What tips can you share with others?
About the Author
Lisa Masiello is an award-winning tech industry marketing strategist, start-up advisor and founder of TECHmarc Labs. She writes on B2B growth, channel management, marketing strategy, customer experience, and CMO success. Chat with Lisa by email at Lisa.Masiello@TECHmarcLabs.com. Connect with her on LinkedIn.