If your company is working with the bare minimum when it comes to cybersecurity, prepare for this neglect to come at a significant price.
A 2017 study by Accenture and the Ponemon Institute tracked the cost of cyber crime to companies in seven countries across fifteen different sectors. In the study, researchers gathered information from nearly 2,200 interviews with IT personnel from a sampling of over 250 large-sized companies.
Armed with this data, they then calculated the companies’ costs in the first four weeks after a breach.
What they found will make you rethink your cybersecurity plan:
- The average financial toll due to cyber attacks totaled $11.7 million per firm, with financial service firms topping the charts at $18.28 million.
- Technology and software companies paid a total of $13.17 million.
- Healthcare firms paid a total of $12.47 million in 2017.
- It took an average of 50 days to resolve a malicious insider’s attack.
- Among the consequences of cybercrime, information theft checks in as the most expensive, followed by business disruptions, and revenue loss.
- A company’s size also plays a role, as does the country in which it’s based. For example, a company based in the U.S. is likely to pay more for cybercrime than an Australia-based company.
The study’s detailed data goes further. It shows that the actual cost is driven by factors like the type of cyber attacks and their frequency. Malware and web-based attacks tend to cost the most, with a company’s annualized costs reaching $2.4 million for malware attacks and $2 million for web-based attacks.
You may recall 2017 was a big year for malware attacks with WannaCry and Petya. Interestingly, financial service companies were one step ahead of malware attacks, with advanced security solutions protecting them and their customers.
As a result, financial firms paid an average of $5,000 per malware attack. However, they floundered when it came to denial of service, costing $227,000 per attack, and social engineering, costing $196,000 per attack.
Cybersecurity and Social Media Gains Attention
Additionally, many companies and organizations are also starting to pay attention to social media as a potential risk center. The FBI now tracks social media as a growing threat vector for potential cyberattacks, similar to Business Email Compromise. In 2016, social media ranked #4 on the FBI’s list of internet crimes by number of reported victims (~18k).
In March 2015, the New York Times reported that “it was reasonable to expect law firms to be targets of attacks by foreign governments and hackers because they are repositories for confidential data on corporate deals and business strategies.” The report found that “digital security at many law firms, despite improvements, generally remains below the standards for other industries” and that law firms are at “high risk for cyberintrusions”.
Law firms, accounting firms and other professional service providers generally don’t have the same degree of investment or protection in their cybersecurity infrastructure as do other firms which might be more focused on security, such as financial services and healthcare companies.
Fake profiles, impersonation, fake information bots and social engineering via social media are becoming far more common. The costs associated with cyberattacks, data breaches and social engineering originating in social media continue to rise.
Unsure if your business is protected? The researchers suggest a strong cybersecurity foundation, constant innovation to stay ahead of hackers, and conducting extreme pressure testing to identify vulnerabilities. We also recommend updating your employee policies and training regularly to ensure everyone knows what to do in the case of a potential cyberattack.