The real cost of a cyber attack

Running a small business is not easy, and nowadays it is more complex and challenging, than ever. Business owners are increasingly under the pump and unlikely to think about cyber security. Very few SMEs understand the real cost of a cyber-attack.

The impact of a cyber-attack

The amount of damage varies depending on the type of attack, the type of data breached, and the size of the organisation. But small businesses are both highly vulnerable to a cyber-attack and least capable of recovering from it. Research conducted by The National Security Alliance found that:
  • More than 70% of cyber-attacks target small businesses
  • Almost 50% of small businesses have experienced a cyber-attack, and
  • 60% of small and midsized businesses go out of business within six months following an attack
The reason so many SMEs go out of business is almost always because they didn’t realise the importance of having a plan for action. That includes having the right layers of cyber security alongside a plan detailing how they will respond when they are attacked.

The real costs of a cyber attack

If a hacker has attacked your business, you know just how devastating a cyber attack can be. But most small business owners don’t understand the true impact and costs associated with a cyber-attack. There are many more costs than the obvious ones.

Hard costs

  • Lost business and revenue – without access to jobs, invoices and accounts, work is not completed, revenue not generated and invoices unpaid
  • Salaries and wages – i.e. paying staff despite their inability to work
  • Stolen funds – e.g. if you were tricked into sending money to the attacker, or an attacker used a stolen username and password to steal funds from your account
  • Ransoms (if paying)
  • Ransomware negotiator (if necessary)
  • Cyber extortion – hackers may destroy, damage or otherwise incapacitate your network or data if you don’t pay the ransom
  • IT forensics – to determine what information has been breached, or accessed improperly, and track down the cause of the breach
  • Data recovery attempts – whether successful in recovering the data, or not
  • Managed IT service provider – to set up, maintain, and manage new, better security to stop further attacks
  • New hardware
  • Digital asset rebuilding costs – such as rebuilding your website
  • Higher insurance premiums

Time and resources

  • Immediate business interruption – i.e. the downtime without access to computers or data
  • Notifying all impacted individuals, businesses, as well as regulators
  • Post-attack downtime – e.g. re-allocation of resources to digitize manually performed business operations
  • Trying to rebuild all the electronically held data that has been lost, e.g. customers names, addresses, emails, and credit card details
  • Re-writing lost business plans
  • Re-creating intellectual property
  • Writing policies around use and misuse of computers, downloads, admin rights etc.

Future impact and costs

  • Reputational damage and negative word of mouth
  • Loss of future business and customer relationships
  • Crisis management – e.g. the cost to hire a PR firm and managing how your clients respond to the breach
  • Credit protection costs – costs to provide credit monitoring services to any affected parties
  • Regulatory compliance
  • Training employees
  • Costs relating to a breach of personally identifiable information – e.g. breach of contract, negligent protection of data, network security breaches, transmission of software viruses, cost of assessments, and various other fines and penalties
  • Legal defence and settlements – e.g. the attack affects your customers, you are in breach of contract, or deemed negligent
  • Libel or defamation claims – e.g. breached data includes unkind internal communications about clients
  • Repeat attacks and ransoms – paying ransoms lets cyber criminals know you are an easy mark, and allowing untrustworthy hackers restore data allows them to retain access to your systems

Unseen ‘costs’ on the small business owner and staff

Then there is the toll on mental health. An attack of this nature creates fear, uncertainty, stress, and anxiety. There will be many sleepless nights. It can be a tipping point for fragile relationships. Sadly, even suicides can happen if the business cannot recover.

The real cost of a cyber-attack is much greater than people realize

The costs incurred are much higher than the average small business ever anticipates, and everyday business insurances are unlikely to cover them. Specialized cyber insurance should cover them, and it’s worth investigating whether cyber insurance is worth it for your business, but insurers won’t insure any business that doesn’t already have the right cyber security in place. The best defence is a good offence. Be one of the smart businesses that embraces cyber security before a problem occurs.

Small business cyber security support

The IT Partners specialize in cyber security for small businesses and sole traders. Our fully managed small business cyber security support package has been specifically designed to provide all the layers you need. We use only the best security products, with 24×7 management and maintenance, at a price every small business can manage. Protect your data now to protect the long-term viability of your business. Get the right layers of cyber security in place now, before it’s too late. Contact us today.