Cyberattacks – The True Costs

Top News in Cyber Defence

Cyberattacks – The True Costs

It seems that every day brings a new headline detailing a major cyberattack resulting in significant operational issues, data corruption, or data loss. T-Mobile, The US State Department, and Microsoft all made headlines for major data breaches in the last month alone!

This is due to the advanced sophistication of threat actors, increased global connectivity (IoT), and an overall lack of understanding of what is needed to effectively manage cyber risks at the executive leadership level of most companies.

It is also important to note that these headlines only capture an extremely low percentage of cyberattacks globally, and they typically don’t tell the full story when it comes to the true losses the organization may incur.

To understand the complete view, we must consider both direct and indirect impacts when assessing the overall value at risk.

pyramid diagram of direct and indirect costs of cyberattacks

Direct Costs

During the heat of the moment, most organizations will default to fighting the fire at their doorstep. This is where the focus is turned on the costs to mitigate further immediate risks and return the business to “normal” operations. Depending on the nature of the attack (in addition to operational losses), organizations may immediately need to acquire investigative services, legal services, new technology, customer protection, and invoke insurance policies.

These are direct costs and often substantial ones.

Indirect Cost

What most organizations fail to understand is that the long-term indirect impacts can significantly exceed the direct costs required to recover from a cyberattack. The loss of future customers due to reputational harm, the ability to gain new price-competitive contracts with existing customers, and even the loss of intellectual property can hamper your organization’s ability to succeed, or even continue to operate.

Risk Multipliers

You also need to consider the factors that will exponentially increase your cyber risk profile. Data types (PII, SPI, PHI), intellectual property, jurisdiction, and overall revenue must all be considered when evaluating potential impacts. You should also factor in who is managing your data and how having multiple hosts (suppliers/partners) for your data can increase the likelihood of unauthorized exposure.

Did you know:

  • The average cost of a data breach (under 100,000 records) is 3.86 million dollars (4.5 in CA, 8.6 in the US)
  • The average number of days to identify and contain a cyber breach is 280 days
  • Stolen credentials are the leading cause of breach 19%
  • Lost business is the largest contributing loss factor 40%
  • Incident Response preparedness was the highest cost-saving factor 38% ($2 million)

Data provided by ponemon.org

How We Can Help

At White Tuque, we believe the first step to protecting your assets is understanding your business and the associated risks. Using an advanced and risk-based approach that adapts to the evolving threat and regulatory landscape, White Tuque can become your trusted cybersecurity and resiliency partner.

To learn more about our services, please reach out to us to schedule a free initial consultation.

Would you like more information on this topic?

White Tuque Newsletter | September 2024

CyberSafe Chronicles​ Tuque’s Take on the News Construction firms breached in brute force attacks on accounting software Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction

White Tuque Newsletter | May 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News LastPass: Hackers targeted employee in failed deepfake CEO call LastPass revealed recently that threat actors targeted one of its employees in a voice phishing attack, using

Revealing the Power of Cyber Asset Management

In the fast-paced digital era where organizations heavily rely on technology, managing cyber assets has become a critical aspect of ensuring a secure and resilient digital landscape. Cyber Asset Management (CAM) plays a pivotal role

Work With Us.

  •  

Robert D. Stewart

Founder & Head, Strategic Threat Intelligence

Robert is a technology incident and crisis management specialist with over 3200 hours leading critical recoveries and investigations within regulated industries.

Robert has built cyber incident and global crisis processes for the Fusion Centres of two major North American banks. With an extensive focus on operational resiliency, Robert worked as a Global Crisis Management Specialist, leading the technical migration for the pandemic for a multi-national financial institution.

Robert is a threat intelligence specialist focused on preventing large scale incidents and attacks before they happen, with unparalleled experience in incident response: 650 critical incidents within the global financial sector leading to the recovery of over 250 unique global financial systems, with 6000 executive communications and briefings issued, and over 200 post-incident reviews.