The real cost of cybersecurity breaches
In today’s technology-driven era, cybersecurity breaches are just a click away. All businesses, large and small, are at increasing risk of falling into the latest, increasingly sophisticated cyber crime trap. And with the vast majority of workforces mainly operating online because they are partly or fully working from home due to Covid-19, cyber crime is more of a threat than ever before. We explore what cybersecurity breaches are and reveal some of the (hidden) costs associated with them.
What is a cybersecurity breach?
A cybersecurity breach is essentially an incident in which online data, applications, networks and devices are compromised by cyber criminals. During these incidents, the cyber criminals break into areas they don’t have the authority to access.
Cybersecurity breaches aren’t to be confused with data breaches. Security breaches are when somebody ‘illegally’ enters your system(s), using methods such as malware or a DDoS attack. In these circumstances, nothing is taken; only illegal access is made. Data breaches are when the attackers go one step further by taking confidential data, such as credit card numbers or names, from your files or networks that they aren’t authorised to take.
Cybersecurity breach examples
As we mentioned at the start of this article, cyber crime is a widespread issue that isn’t anticipated to become any less significant anytime soon. When they strike, cyber breaches can have a devastating effect on organisations. For example:
- In 2019, cybersecurity company, Avast, suffered a malware attack, illustrating the fact that even the most cyber secure of organisations can be at risk of cyber crime
- In 2018, Facebook lost 29 million users’ personal data. This was caused by internal software flaws
- In 2017, credit score company, Equifax, lost the personal details of 145 million Americans. This major data breach was caused by a weakness in their website app
- In 2014, eBay had to deal with PayPal users’ passwords being compromised. This was caused by a security breach
- In 2013, Yahoo saw 3 billion of its user accounts being compromised. Hackers managed to successfully implement a phishing attack and get into the network
Cybersecurity facts and statistics
Cyber crime exists in various guises that are adapting at the rate at which technology is evolving, making them more prevalent and difficult to stay one step ahead of. What’s more, cyber attacks can also manifest in so many different ways.
To help put the issue into perspective, we’ve researched some of the latest stats in relation to cybersecurity, several of which we’ve shared with you below:
- 88% of organisations were the victim of spear phishing attacks in 2019
- 68% of business leaders say cybersecurity risks are rising
- 36 billion records were exposed by data breaches in the first six months of 2020
- 11,762 breaches were recorded between January 1, 2005 and May 31, 2020
- 300 million passwords are used by humans and machines across the globe
- 58% of breaches involved personal data in 2020
- 94% of malware is delivered by email
- 60% of the most malicious domains are associated with spam campaigns
As for how cyber crime presents itself, the options are just as widespread as the impact of the actual breaches. The most common forms of cybersecurity attacks this year were:
- Phishing – is an attack involving emails that trick people into downloading harmful messages. Types of phishing attacks include spear phishing, in which a company’s demographic is targeted, and whaling, aimed at senior executives.
- Ransomware – is a form of malware that stops you from accessing your software unless you pay to release yourself. It most commonly spreads via spam or malicious downloads.
- Malware – stops devices from working or slows them down. It can strike via email attachments that contain malicious code or file-sharing software that spreads harmful materials that are made to look like images or music files.
- Data breach – happens when confidential data is taken. Almost 90% of data breaches are reportedly financially motivated, but they can also be caused by human error.
- Distributed Denial of Service Attack (DDoS) – takes place when cyber criminals manage to add an unhealthy amount of traffic to a system or server, resulting in operations pausing or grinding to a halt.
- Man in the Middle Attack (MitM) – is caused when attackers intercept and modify electronic messages, usually to harm relationships and spy on conversations. A fake wi-fi hotspot is a prime example of this.
The hidden costs of a cyber attack
Just as the risk of cyber attacks is on the rise, so too are the recovery costs for businesses. Unfortunately, what many companies don’t realise is that they can still be paying the price for cyber crime several years after falling victim to it. According to research carried out by IBM, businesses have to pay for as much as 90% of the recovery costs, as much as $4 million, long after the actual event.
This is because there are numerous different costs involved in dealing with the fallout of a cyber breach. There are the more immediate, indirect costs, such as customer breach notifications, regulatory compliance fines and legal fees, that have to be paid within a short space of time. The vast majority of these costs, which people tend to immediately associate with cyber attacks, are covered by cyber insurance policies.
However, there are also lesser-known ‘hidden’ or ‘below the surface’ costs that emerge further along in the recovery process. It’s these costs that reportedly make up as much as 90% of the overall cost of cyber crime recovery. These costs include:
- Increased insurance premiums
- Operational downtime and interruption
- Loss of intellectual property
- Damaged customer relationships – that can also lead to a loss in customers
- Lost contract revenue
- Reputational damage
- Devaluation of trade name
- The list goes on…
The cost of cyber crime in the UK
We’ve just referenced the main types of costs associated with cyber attack recovery, but what does the true cost of cyber crime in the UK look like? What is the financial damage currently being suffered by UK companies?
According to a report published by the Government into the financial impact of cyber crime:
- It’s currently costing the UK as a whole £27billion a year
- The economic cost of cyber crime to the Government is £2.2billion
- The total annual estimated cost of cyber crime to UK businesses currently stands at £21billion. This estimate includes:
  - £9.2billion a year from IP theft
  - £7.6billion a year from industrial espionage
  - £2.2billion a year from extortion
  - £1.3billion a year from direct online theft
  - £1billion a year from the loss or theft of customer data
- The cost of cyber crime to UK citizens is currently around £3.1billion. This is made up of:
  - £1.7billion a year from identity theft
  - £1.4billion a year from online scams
  - £30million from scareware and fake anti-virus software
Unfortunately, these figures are just a snapshot of the financial impact of cyber crime in the UK alone. There are many more cost-related stats out there that reflect the financial scale of the issues; costs that continue to rise year-on-year.
Counting the cost of cyber crime
There’s no getting away from the fact that cyber breaches have wide-reaching implications for businesses, not just from an operational, but also from a financial perspective. As the figures we’ve just shared with you show, the cost can be astronomical, and continue to be felt for many years afterwards.