Cyberattacks understandably cause dread in everyone affected by them. Dealing with the issue can ramp up costs in more ways than one. Besides the labour needed to fix the problem and restore systems, targeted parties may lose business and suffer reputational damage.
As today’s society has become more dependent on the internet, hackers have more opportunities to wreak extensive havoc. Here are some specific reasons why cybercrime costs continue rising.
A Sophos report revealed that more financially intensive ransomware recoveries are a factor behind costlier cybercrime. The data showed average remediation amounts more than doubled between 2020 and 2021 and now top out at an average of US$1.85 million.
A related factor was the slight increase in the percentage of organisations paying the ransom, reaching 32% this year. However, only 8% of affected entities got all their data back with that approach.
Moreover, the study showed that US$10,000 was the most common ransom paid. However, it could be a complete waste if the hackers don’t unlock the seized data after receiving payment.
The attention paid to the costs associated with cybercrime is similar to the interest in the financial ramifications of equipment downtime in a manufacturing plant. A hypothetical scenario in such a setting could cost a company 1.4% of its annual production capacity if a transformer failure leads to a 120-hour outage.
A key thing to remember about cyberattacks is that their effects do not always remain inside a company’s boundaries. For example, a report estimating the average per-enterprise costs of companies affected by the SolarWinds cyberattack showed they totaled 11% of an organisation’s annual revenue.
Elsewhere, a report from IBM put the average cyberattack cost at US$4.24 million, resulting in the highest figure in the study’s 17-year history. That figure shows that company leaders must assume addressing an incident will cause a substantial financial loss no matter how far the ramifications reach.
Hospitals have long been popular targets for cybercriminals. Such incidents have continued to affect health care organisations during the COVID-19 pandemic. For example, INTERPOL revealed seven types of significant cyberattacks appearing more frequently during the global health crisis.
One incident affecting a Vermont hospital cost the organization US$1.5 million per day in lost revenue and increased expenses, according to Stephen Leffler, the organisation’s President. That estimated figure did not include costs associated with getting systems operational again.
“If you told me more than a month [after the attack] we still would have functions that weren’t normal, I would have bet you that you’d be wrong. We really did not anticipate the scope or the impact the attack had on our system and how far-reaching it was,” Leffler admitted.
When a cyberattack drastically affects hospital operations, it could cause people not to get the treatment they need soon enough or cancel certain procedures. The cyberattack could even lead to lawsuits from patients or their loved ones affected by subpar care.
The figures mentioned here are likely startling to most, but people should still keep in mind that even the most dedicated research efforts can’t always accurately estimate cybercrime costs. That’s largely because of the unknown factors at play.
For example, how many customers were thinking about contacting a company about doing business with it but changed their minds after that organisation suffered a cyberattack? In how many cases did a cyberattack at a hospital directly affect a patient’s complications or death?
It’s not easy to figure out those aspects. But it’s clear that cyberattacks represent a significant financial burden to everyone affected by them. That’s true now and it’s not likely to change anytime soon.
Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.