We hear about cyber attacks on a depressingly regular basis, but what exactly are some of the implications of an attack?
Probably the most important factor for many businesses is the financial impact of a breach. With nearly half of all UK businesses suffering some form of breach over the past 12 months, the cost to the national economy is in the billions.
According to UK government data, the average cost of the worst cybersecurity breaches is now between £65,000 and £115,000, including the impact of cleaning affected systems. The financial cost of a cyber-attack can already be substantial but with the new GDPR and NIS directives recently coming into force, large fines can also be imposed if a breach is proven to have been the result of inadequate defences and policies.
Large organisations may be able to take such a hit, but for small and medium sized businesses the results can be devastating and in the worst-case scenario could even force them to close.
As more and more businesses operate online the disruption caused by attacks will cause the financial costs to rise further over the coming years.
Being seen to be vulnerable to attack and unable to protect customer data can be just as damaging to an organisation as the financial impacts. A loss of confidence amongst current and potential customers can result in long term negative consequences for a business. The negative effects can escalate resulting in a loss of customers to competitors and potentially the loss of future contracts and income.
Ask yourself this; would you use a company’s services if it is unable to safeguard your sensitive data and what if they lied about it or tried to cover it up?
In the case of the recently reported Ticketmaster breach the company was allegedly warned in April that it had been breached, but only went public in June.
During the infamous breach of October 2015, the company suffered a major data breach as a result of poor security. Despite this TalkTalk continues to do well and has even seen its customer base increase. Why is this?
Former head of TalkTalk Baroness Dido Harding said at this year’s Infosec 2018 event, “It is best, to be honest with customers.” By going on national television and showing that they were trying to fix the issue their reputation didn’t take as quite as much of a battering as you’d expect. As Harding said; “Looking to do something was better than doing nothing.”
TalkTalks reputation did take a battering amongst the security community, however, as it had suffered less serious breaches in the past and had failed to take adequate action to prevent another.
"The vast majority of boards want to be able to abdicate responsibility by asking their security professionals 'are we ok?'," Harding said, "and you mustn't let them ask that question. You wouldn't ask 'are we physically OK?'. You'd ask a different question; you'd say 'what are the risks? What are the risks I'm happy to accept, and what are the risks that I'm really worried about that we need to be pushing to mitigate?'"
As a result of the breach the Information Commissioners Office (ICO) fined the company £400,000 and under the new GDPR legislation, the company would likely have been hit with a much larger fine.
As well as being liable to massive fines under legislation such as GDPR and NIS an organisation can become exposed to legal claims from affected customers.
Business partners could also sue for a breach of contract as a successful attack can be used to prove negligence as the affected party failed to put in adequate measures to protect sensitive data.
Commercial contracts may also include provisions that impose obligations on companies to comply with data protection legislation. Likely resulting in claims for damages and in some cases, contracts could be terminated.
The financial and legal impacts are often the things that make the headlines but we rarely hear about the human costs. A breach can result in stress, job losses and all the things that entails. In short, peoples’ lives can be ruined by a cyber attack and in extreme circumstances even lost.
Many of these consequences can be avoided if organisations do the basics, do them regularly and correctly.
For further reading visit –
By using CyberScore™ and carrying out regular scans you can reduce the risks. It allows you to:
Want to learn more about how CyberScore™ can help secure your business? Visit our website at www.xqcyber.com and if you want to give yourself the very best protection against cyber security threats try our CyberScore™ software for free now.