While 2016 showed us many new and exciting things, one thing that remained fairly consistent was the increase in cyberattacks. Not just the number, either; cyberattacks are becoming increasingly more expensive both for victims and for those trying to avoid becoming victims.
A study done by the Ponemon Institute between 2015 and 2016 demonstrated an escalation in the basic cost of a cyberattack of as much as 23 percent. The actual rise was from $7.7 million to $9.5 million.
Obviously, these numbers are just an average for all businesses surveyed, but they demonstrate just how financially draining a single security breach can become. Yet, do these numbers truly reflect all that is lost from cyberattacks?
Increasing Costs of Prevention
There’s no questioning that preventative measures can save a large amount of money in the event of a cyberattack; in some cases, over one million dollars is saved just by utilizing backups and having a plan for when data is lost or destroyed by hackers.
However, those savings are only realized in a disaster. In the meantime, we’re all stuck footing the bill for extra training time for employees, bills for security software and extra hardware for information backups.
These costs add up; professional anti-malware services can cost as much as $50 per user per year, not including more advanced features such as encryption of cloud storage. Firewalls are a different matter; they reach into the tens of thousands for high-quality solutions, not counting the cost of a contract and regular upkeep (yet they are absolutely essential).
Additional servers to work as backups during a DDoS attack or in the event of malware can also add up to thousands of dollars. Such advanced protection might not be needed by startup businesses, but more established companies need to have the insurance.
No one is suggesting these costs aren’t ultimately worth it, just that businesses now face steeper startup costs as a result. Small businesses, for instance, need to first invest in small scale security measures only to require much larger, more expensive options later on, usually with no return at all on their initial investments.
Individuals suffer a similar penalty. Single users used to only require a free anti-virus program. Unfortunately, newer threats (especially over public WiFi) virtually require the use of a VPN, some sort of backup in case of disaster and even credit monitoring services to avoid runaway theft.
Loss of Customer Trust
Despite being the least tangible area of interest, trustworthiness is a contender for the most valuable asset a company has. Whether marketing from one business to the next or directly to the consumer, it remains critical to be trusted by the target market.
Yet, this is exactly where cyberattacks hit hardest. Hacks and losses as a result of malware or ransomware demonstrate a lack of competence and a general lack of responsibility that customers will tend to shy away from.
Regaining that trust isn’t easy either; smaller companies rarely recover and larger companies still feel the bite long after the financial and legal detriments subside. In 2016, Samsung lost billions of dollars due to its bungled Note 7 launch; they stand to lose even more in 2017 due to a loss in consumer faith.
Following a cyberattack, the losses depend on the target. While businesses may fold on themselves, we’re still here no matter what. The costs for a single person involved in a cyberattack may include several different factors:
- Loss of credit rating and credit opportunities
- Financial damages and time spent recovering said damages
- Permanent alterations to medical records
No matter the reason for the actions following an attack (purchases in your name, new accounts under your identity, etc.), most credit agencies still hold you personally responsible. Repairing damage to credit can take years, even if identity theft is identified as the cause.
Most banks and credit companies insure you against a certain degree of fraud, but coverage isn’t universal and reimbursements may not be immediate depending on how the losses occur. A string of minor charges to your account may go unnoticed, even by you.
When it comes to private parties, the least noticed area for damage is actually in the medical realm. When cyberattacks target medical institutions and result in stolen records, your information may be used for fraudulent medical care.
Keep in mind, medical records typically include all the information needed to commit identity theft, from home addresses and phone numbers to payment methods and insurance information. They also host any information about previous treatment which can be used to more easily impersonate you.
One of the unfortunate side effects of this is a nearly indelible mark on your records. In the US, federal laws make it difficult to remove records of treatment, even if you weren’t actually the one receiving the treatment. The costs could be deadly; changes in information about allergies could lead to fatal results in future treatment.
Companies that suffer a cyberattack that results in lost consumer data face more than just the cost of recovering said data and repairing infrastructure. The Supreme Court has left decisions about privacy liability in the hands of lower courts, opening up the possibility for lawsuits prior to a data breach.
Now, on top of the cost required to hire experts to re-evaluate your system’s security, your business may also be faced with court fees, legal fees and even the possibility of a settlement.
This is especially true in Europe, where for years companies have been legally liable for their customers’ privacy. In 2015, the General Data Protection Regulation increased business liability by allowing for more liberal use of suits to force companies to comply with data privacy.
And these sorts of costs scale with the size of a business. The more customers you have, the greater liability you incur. Let’s not forget when Target was hacked in 2014 and received a downgrade in their corporate credit rating, leading to increased rates across the board for company borrowing.
Biting the Bullet
Like it or not, costs are expected to continue their rise in the coming year. As systems become more complicated and cyberattacks become more profitable, solutions will come with increasing premiums.
Yet the cost of avoiding these premiums is even higher. What this means for the industry is anybody’s guess; most likely, the cost will be passed onto the consumer. Yet how much can the consumer really afford?
Tell us what you think; what will you do to circumvent cyberattacks? Let us know what you plan to do in the comments section.
About the Author: Diamond is an internet security specialist that writes for Secure Thoughts. With an interest both in business security and personal safety, she offers advice to a wide audience about how to remain safe online.