$649000, the cost of a cyber attack on business!

by Sharon Lobo    Jun 28, 2013

Cyber Attack

Any cyber attack can bring unprecedented damage to a company, but can these damages be quantified in financial terms? This year, experts at B2B International calculated the damages stemming from cyber-attacks based on the results of a survey of companies around the world.

The survey titled, 2013 Global Corporate IT Security Risks survey, found that the average cost incurred by large companies in the wake of a cyber attack is a whopping $649,000. To arrive at the most accurate picture of costs, B2B included only incidents that had occurred in the previous 12 months. Additionally, the assessment was based on information about losses sustained as a direct result of security incidents.

The two key components of the assessment were the damages resulting from the incident itself, eg losses stemming from critical data leakage, business continuity, and the costs associated with engaging incident remediation specialists. While the second aspect was unplanned ‘response’ costs required to prevent future, similar attacks, including hiring/training staff and hardware, software and other infrastructural updates.

In such a scenario one would wonder, if it made sense for organisations let cyber-attacks go unreported and absorb the losses since at least it saves face. However, Wade Baker, managing Principal, Verizon Risk Team offers a different view, “We have seen so many breaches and consumers have experienced this a few times. So I think is more awareness, which allows for greater understanding of the situation, thereby allowing companies to report such incidents and steps taken to mitigate it. This move will in turn increase customer loyalty”

Typically, companies that fall prey to cyber-attacks only come to understand the importance and value of these solutions after an incident occurs – meaning additional, preventable costs. A simple comparison of the scale of expenses against the costs and damages caused by a cyber-attack shows that, in the overwhelming majority of cases, investment in quality, effective IT security would have been considerably less than the costs incurred following a breach.

A key lesson to be drawn from this study is that even the most destructive and expensive attacks could have been prevented. Attacks exploited holes in company security that could have been patched up if only the targeted corporations had used quality IT security solutions and managed IT infrastructure appropriately.