Infoprotect’s Brian Taylor shares his thoughts with us on the hidden costs of cybercrime.

I had the pleasure of reviewing global statistics from a survey undertaken by a reputable global security vendor and the Centre for Strategic and International Studies (CSIS). Having read the entire report, I felt compelled to share some pertinent comments and facts that we all need to be aware of.

Cybercrime does not just result in an economic impact for companies, it also results in:

  • The theft of companies Intellectual Property (IP)
  • The theft of monetary assets
  • The diminishing company performance and reduced efficiencies
  • Reputational/brand damage

From the report I was extremely interested in the disclosure of the following statistics:

  • There has been a 50% increase in the number of cybercrimes since 2018.
  • Two-thirds of the companies reviewed reported some form of Cyber Incident in 2019.
  • Since 2018 it is estimated that the Global losses have surpassed the $1 trillion mark.
  • IP theft and financial crime account for 75% of the cyber losses realised.
  • Damages have included: reduced productivity, system downtime and brand damage.
  • 56% of the companies surveyed do not have a plan in place to prevent and respond to cybercrimes.

From the details shared in the report, it is evident that the hidden costs of cybercrimes need to be better understood. We owe it to ourselves as businesses, to our stakeholders, and to our customers, to understand and address, not only the economic impact of cybercrime but also the other costs and disruptions realised. We must thank the companies that took part in the survey and were honest enough to share the information from which we can surely benefit.

Some of the hidden costs identified indicated that the theft of IP and monetary assets had a severe effect on the company’s performance capabilities. The impact on performance brought the following realisations to the fore:

Downtime – two-thirds of the companies in the survey experienced downtime as a direct result of the Cybercrime. The average costs of the longest downtime effects in 2019 were recorded at a staggering cost of $762 231.

A further 33% of the surveyed companies stated they had realised costs between $100 000 and $500 000 due to the downtime. These figures are not to be taken lightly.

Reduced Efficiencies – most of the reviewed companies admitted having realised reduced efficiencies at a rate of an average of 9 working hours per week based on the effect of Cybercrimes. In layman’s terms that is an effective loss of 4.5 working days per month based on an 8-hour workday calculation.

Incident Response Costs – when reviewing the incident response activities, it was evident that most of the respondents took on average 19 hours to move from the “discovery phase” to the “remediation phase”. This lost time would have a net effect on the businesses to continue production.

Furthermore, the companies realised additional unbudgeted costs by using the in-house skills to address the incident and in many cases, the additional costs were realised by using external specialists to assist in addressing and resolving the incident.

Reputation or Brand Damage – most cybercrimes will result in reputational or brand damage. How businesses address the level of damage, is often an extremely costly exercise. Rehabilitation costs are realised that were not planned for. Often outside companies are employed to mitigate the damage caused by the Cybercrime. Another hidden cost that comes into play is the need for additional employees, some of whom will be specialists in their field, and come at a high unplanned cost to the business.

Lastly, I took the following key points from the report:

Most of the respondents agreed that generally there is a poor understanding of Cyber Risk.

Most agreed that “not recognising the problem in time to stop the spread” is a large contributing factor.

56% of the respondents admitted to having no plan for prevention or responding to cybercrime. Of all the companies that have a plan in place, 32% of them stated that their plans are effective … that implies, 68% of the respondent’s plans are ineffective or even non-existent.

In my opinion, having digested the report, and having taken the time to highlight of few of key statistics, together with hidden costs that are not planned for, I would like to suggest, that businesses of all sizes, small/medium, mid-market, enterprise or global, give the required respect to the risk and threat of cybercrime.

It’s real, it’s here, it’s happening and if we “fail to plan” for possible breaches or the threat thereof, we may then, by default, be allowing ourselves, our businesses, our employees, our communities to slip into a mindset of “panning to fail”.

If you would like to take these discussions further, please contact me, or my team at Infoprotect UK today.

Many thanks,

Brian Taylor

Head of Sales

Why Are Cyber Insurance Claims Denied?

Read more

Why a Fractional CISO Could Save Your Business

Read more

Why Every Business Needs a Holistic IT Managed Service 

Read more

Safeguarding Your Business from Email Compromise in Six Easy Steps:

Read more

How to create a cyber placement strategy for 2024

Read more

Selling Cyber – Creating A Kick-ass Sales Process

Read more

Transforming Cyber Insurance: The Infoprotect Revolution

Read more

Why Move to the Cloud ?

Read more

Cybersecurity Insurance

Read more

Managing Human Risk in Phishing

Read more

10 STEPS to CYBER RESILIENCE

Read more

SMALL BUSINESS GUIDE to CYBER SECURITY 

Read more

Take the fight to email impersonators

Read more

Cyber Insurance – MFA and SaaS

Read more

Phishing – Lets Educate & Upskill the users

Read more

Answer yourself truthfully… Can your business afford LAN/WAN downtime?

Read more

Into lockdown & post Brexit: Business as usual for Infoprotect UK.

Read more