Developing effective cyber risk management strategies requires understanding the true impact of a cyber incident. Deloitte Advisory's report, ‘Beneath the Surface of a Cyberattack,’ uncovers the hidden costs and long-term consequences of cyber incidents.
By quantifying the business impacts and shedding light on the often-underestimated intangible costs, organizations can better prepare themselves to thrive in the face of cyberattacks. Businesses must adopt a holistic approach to cybersecurity and prioritize protecting their strategic interests.
The need for clarity
Business leaders often struggle to gauge the potential impact of a cyberattack. They lack visibility into their peers' challenges when recovering from such incidents. This lack of accurate information obstructs the development of effective cyber risk management strategies.
Unveiling the hidden impacts
The Deloitte report uncovers business impacts that often go unnoticed. These impacts can be categorized as "above the surface" or "below the surface" costs.
Above the surface costs
- Customer breach notifications: When a cyber incident occurs, organizations are often required to notify affected customers, which can lead to reputational damage and loss of trust.
- Post-breach customer protection: Organizations must protect their customers' personal information after a breach.
- Regulatory compliance fines: Non-compliance with cybersecurity regulations can result in hefty fines imposed by regulatory bodies.
- Public relations and crisis communications: Managing the fallout from a cyber incident requires significant resources and can impact a company's public image.
- Attorney fees and litigation: Organizations may face legal proceedings and incur substantial costs following a cyber incident.
- Cybersecurity improvements: Organizations often need to invest in enhancing their cybersecurity infrastructure to prevent future cyber incidents.
- Technical investigations: Thorough investigations are necessary to understand the scope and impact of a cyber incident, which can require specialized technical expertise at a cost.
Below the surface costs
- Insurance premium increases: Organizations may experience higher premiums after a cyber incident due to increased risk perception.
- Increased cost to raise debt: Organizations may find it more difficult and costly to secure debt financing following a cyber incident.
- Operational disruption or destruction: Cyber incidents can disrupt or destroy critical business operations, leading to financial losses.
- Lost value of customer relationships: The loss of trust and confidence that follows a cyber incident can lead to a decline in customer relationships and loyalty.
- Value of lost contract revenue: Organizations may suffer financial losses if contracts are terminated or not renewed due to a cyber incident.
- Devaluation of trade name: A cyber incident can tarnish a company's brand and reputation, decreasing its market value.
- Loss of intellectual property (IP): Cyberattacks can result in the theft or destruction of valuable intellectual property, causing long-term financial damage.
The underestimated impacts
Deloitte's study reveals several key findings that challenge commonly held assumptions about the impact of cyber incidents:
- Direct costs are less significant: The direct costs associated with data breaches and cyber incidents account for less than 5% of the total business impact.
- Prolonged period: The impact of a cyber incident is felt over a longer period than anticipated, with costs incurred during the initial response stage representing less than 10% of the overall impact.
- Intangible costs dominate: Over 90% of the impact of a cyber incident consists of intangible costs that are difficult to quantify. These costs include operational disruption, trade name damage, and intellectual property loss.