Of course we all wish to avoid a cyber attack – anything with the word attack in it almost guarantees an averse response. But do we know why such an attack should be avoided? There are multiple reasons a company of any size should hope to avoid a cyber attack, but there are specific areas which are heavily impacted by such an incident, namely financial, operational, and reputational pieces of the business.
In 2021, cyber attacks cost the United States $6.9 billion, per the FBI’s Internet Crime Compliant Center (IC3). The most costly attack listed on the IC3 2021 list was “business email compromise/email account compromise”; these cyber crimes can mostly be classified as phishing scams and they are common but also easily preventable. These attacks alone made up $2.4 billion of the cyber attack costs last year. Phishing attacks are the most frequent way that malicious actors gain access to a company’s systems and often result in data breaches. The world-wide average cost of a data breach reached $4.24 million last year.
Of course, these large numbers in the millions and billions include the cyber attack stats not only from small-to-medium sized businesses but also from international corporations, which can skew the numbers when looking at this from a local business owner’s perspective. Regardless of company size, a high price can be expected when a cyber attack comes knocking. This can be made up of the ransom demanded by a hacker who takes your data and holds it for ransom; these costs may also come from the price paid by the company to recover from any attack including the fee paid to cyber professionals to fix the issue and the additional cost to beef up their defenses in order to protect against future attacks. There are other costs that may make up the bill that follows an attack, some of which we will get into in our next sections.
Business and employee productivity are areas of operations which are heavily impacted by a cyber attack. Financial loss encompasses a majority of the cost that business owners are concerned with following an attack, but they may think of this primarily as including the expenses discussed above such as paying the malicious actors in order to regain access to your data or paying the cyber professionals needed to help get you out of this mess. However, additional financial loss is incurred in the downtime that follows an attack. An average of $23,000 was lost due to downtime spent recovering from each cyber attack in 2021.
Operational loss or loss of productivity has further impact to a business than just financial, however. While downtime following a major cyber attack such as a data breach or ransomware attack comes to mind as employees sitting an unusable desktops with IT folks doing all they can to get things back up and running. The downtime from a cyber attack immediately follows the event and can be anticipated. However, there is additional downtime from smaller cyber attacks that may not be so easily guessed. According to a recent Kaspersky report, it is estimated that individuals wasted nearly 80 hours of time scrolling through and filtering out spam emails, many of which are phishing or scam emails. If the average employee at your company is paid $40/hour, that is a cost to your business of at least $3,200 per employee per year, which can really add up.
Not only is it possible to lose productivity internally following a cyber attack, but it is also likely that your external business will be impacted as well. A company’s reputation absolutely takes a ding when they are rocked by a cyber attack; in 2021, an average of $5,000 was lost in future business opportunities per company per cyber attack. So not only is your company struggling to deal with the PR from an attack, but there is an additional financial burden here as well.
What’s worse is the impact to your future business opportunities when your business is the weak link that causes a cyber attack for one of your clients. The NYC School system was hit earlier this year by a data breach which made vulnerable essential student data and safety information. The attack was found to be caused by a third party company, Illuminate Education, who the school system has since come out and publicly removed themselves from. This news has spread country-wide and will make it incredibly difficult for this company to operate with any school systems going forward. Not only was the company struggling to recover from the attack on one of their clients, but they are losing out on future earnings as well.
These reasons, among others, highlight why strong, preventative cybersecurity defenses are essential to your business’ success. These attacks not only affect if your networks work, but they can impact your wallet, productivity, and your future as a company as well.