The Financial Implications of Cyber Attacks: What Boards and C-Suites Need to Know

Introduction

A general misconception, as noted by Aftab Saloda, Business Head of Cybersecurity Services, Silverse, is that one’s business is secure because it has not yet faced a cyberattack. However, there may be threats you are not aware of or that may have already taken place. These can further lead to your business having to manage the cost of cyberattacks.

Notably, cybersecurity attacks exhibit impartiality. Cybercriminals show no regard for the scale of an organization, targeting entities ranging from large corporations to small businesses with identical methods. Similarly, there is no discrimination based on the nature of the product or service offered.

In this article, Silverse takes you through the financial implications of cyberattacks, so your board and C-suite members can be better prepared in the event of one.

The Evolving Cyber Threat Landscape

To better understand the cost of cyberattacks, we should first know the current threat landscape.

The upheaval in markets, driven by changing regulations, technological advancements, geopolitical tensions, and economic instabilities, is challenging the risk management and resilience strategies of global organizations.

Additionally, the cyber threat landscape is only expected to grow more complex. From nation-state actors to ransomware threat families, cybercriminals are becoming faster, savvier, and more coordinated in adapting their strategies to new schemes.

• Cybersecurity regulations and initiatives, particularly those pertaining to data privacy, are on the rise around the world. Recent examples include India’s Digital Personal Data Protection Act (DPDPA) and the US’ American Data Privacy and Protection Act (ADPPA). Businesses increasingly need to ensure regulatory compliance to avoid hefty fines.
• Ransomware remains a major ongoing challenge for organizations across the world. Indeed, the share of ransomware in overall global cyberattacks stands at 68.42%. Corporations, municipal services and critical infrastructure are all likely targets.
• Artificial Intelligence (AI) is a growing threat that businesses need to remain aware of. A major concern is the emergence of malicious large language models (LLMs). These AI systems, trained on extensive textual datasets, can produce text of human-like quality, perform language translation, and even craft various forms of creative content.
• Importantly, AI and Machine Learning (ML) can also be used as tools to protect against cyberattacks.
• As the array of APIs and applications expands, resulting in a wider attack surface, the adoption of Development, Security, and Operations (DevSecOps) methodologies becomes increasingly vital for ensuring the secure development and deployment of software.
• As per Accenture’s 2023 State of Cybersecurity Resilience study, threats and risks have accelerated due to geopolitical tensions. External networks and third parties are widely considered the most probable sources for attacks. While a high number of cyber threats come from inside sources, indeed, cyber breaches from outside companies retain a high success rate at 61%.
• 97% of the global organizations surveyed by Accenture have witnessed an increase in cyber threats since the beginning of the Russia-Ukraine conflict.
• The best way to allocate cybersecurity spending on a limited budget is via outcome-based goals and metrics. According to a CISO Benchmark Survey by Cisco, 61% of organizations across the world are utilizing this method.
• Having said that, coping with multi-vendor environments seems to be significantly impacting cybersecurity fatigue. That is, companies in such environments are starting to give up on proactively defending against malicious actors.
• The World Economic Forum’s (WEF) 2024 Global Cybersecurity Outlook reveals a concerning trend: the presence of organizations maintaining a minimum viable level of cyber resilience is diminishing. Since 2022, there has been a 31% decrease in organizations reporting this minimum viable cyber resilience.
• The gap between organizations that possess the cyber resilience to flourish and those struggling to endure is widening. Consequently, the least adept organizations find themselves continuously lagging behind, further jeopardizing the integrity of the ecosystem.

Despite the above trends and statistics, there is room for optimism. Thoughtful cyber-resilience and response measures are gradually proving effective. Equipped with appropriate security tools, technology, and strategies, organizations can effectively shield themselves from these threats.

The Cost of Cyberattacks

Worldwide cybercrime costs are estimated to hit $13.82 trillion by 2028. However, the cost of cyberattacks can vary depending on factors such as initial response, recovery period, reputation loss, and regulatory fines.

Furthermore, organizations should be aware of “hidden” costs, such as insurance premium raises, increased interest rates on borrowed capital while renegotiating or raising debt, and loss of intellectual property.

That being said, certain broad statistics and examples on the cost of a cyber attack can be useful for the preparation of a cybersecurity strategy and avoidance of unnecessary spending.

• The average cost of a data breach is $4.45 million, as per IBM’s 2023 Cost of a Data Breach Report. This is a 15.3% increase since the 2020 report.
• Having said that, the average per-record cost of a data breach is $165.
• The top 5 countries or regions with the highest average data breach cost include, in order, the US, the Middle East, Canada, Germany and Japan.
• In terms of industries, healthcare has consistently reported the highest data breach costs for over a decade. The costs have increased by 53.3% since 2020, currently standing at an average of $10.93 million.
• The top industries with the highest data breach costs include, in order, healthcare, finance, pharmaceuticals, energy and industrial.
• In some more encouraging news, lost business costs from data breaches are at a five-year low, and dropped by 8.5% between 2022 and 2023.
• According to the WEF survey, 14% of business leaders and 29% of cyber leaders consider the cost of transforming legacy processes and systems the largest barrier to cyber resilience.
• Cyber incidents can affect companies’ stock prices, especially in the short term. This impact can create a ripple effect across the business ecosystem. For example, the revelation of a security breach of a third-party supplier to Okta resulted in an approximately $6 billion reduction in the company’s market capitalization.

While it is important to be aware of the costs involved in cyber attacks, cybersecurity can be treated as an opportunity for businesses to reach greater heights.

For instance, according to Accenture, enterprises that integrate their cybersecurity initiatives with their business goals are 18% more likely to improve their capacity to boost revenue growth, expand market share, and enhance customer satisfaction, trust, and employee productivity.

How Can Organizations Build Cyber Resilience?

A cyber resilience strategy is crucial for maintaining business continuity and mitigating both financial losses and reputational harm.

Cyber resilience pertains to an organization’s ability to prevent, endure, and bounce back from cybersecurity incidents. It helps to sustain operations and fulfill objectives even in the face of disruptive events such as cyberattacks, natural disasters, or economic downturns.

Investing in robust cybersecurity infrastructure and technologies, engaging in strategic planning, and collaborating with industry peers, regulatory bodies, and cybersecurity experts can have tangible benefits.

For example, according to IBM’s report, organizations that have made significant investments in incident response planning and cyber attack protection saved an average of $1.49 million, compared to entities that have minimal or no incident response planning. Similarly, organizations extensively leveraging security AI and automation achieve an average savings of $1.76 million.

Conclusion

In today’s rapidly evolving landscape, the success of a business hinges at least in part on its cyber resilience and data protection methods. These not only lower the cost of cyberattacks, but safeguard reputation and maintain compliance.

It is important to note that cybersecurity begins at the executive levels. Priority should be given to empowering current CISOs and taking advantage of cyber strategy and consulting. Indeed, leveraging cybersecurity as a service can help entities drive greater business outcomes.

Silverse provides comprehensive cybersecurity services, from security tools implementation to major incident response and preparedness. If you are ready to begin or bolster your cybersecurity journey, contact us now.