The True Cost of a Cyberattack

Depending on the type of attack you suffer, some of the impacts on your operations will be immediate. Others will emerge in the longer term and will be more difficult to measure.

In a recent study, IBM estimates the average cost of a data breach to Canadian businesses at US$3.86 million, while Cisco reports that 53% of cyber attacks cause damages in excess of US$500,000.

Hard to believe? To make sense of these numbers, let’s take a look at what happens after a successful cyberattack and what steps need to be taken.

Lost productivity and downtime

One consequence of most attacks occurs almost immediately. Your network gets backed up, throttling your teams as you scramble to respond. Or, worse, your systems come to a complete standstill and your hands are tied.

This downtime has many implications. You may be unable to access your data and use your applications, and many business-critical tasks may become impossible to carry out.

Your production line could come to a screeching halt. You may be unable to continue serving your customers, responding to calls for tenders, or following up on ongoing files. Your teams working from home due to the pandemic may no longer be able to connect remotely.

And worst of all, instead of lasting just a few hours, the downtime could stretch for days. On average, it takes a company more than 16 days to recover from a ransomware attack, or even more if data is lost and unrecoverable. Estimate your average revenue and multiply that by the number of days of downtime for a quick estimate of how much a shutdown might cost.

Data leaks and loss

Cyberattacks are the cause of more than half of all data confidentiality breaches.

Confidential data from your business partners could be stolen. Third parties could get to your intellectual property and trade secrets that give you a competitive edge. Your customer lists could be sold. Access codes to your network, bank, and suppliers could be stolen.

But whether or not your data is directly targeted by an attack, you have to assume it has been compromised. And even if you manage to recover it, the damage has been done.

Imagine the fraud that could be perpetrated by someone who seizes your data. Imagine the potential lawsuits and legal costs if your confidential data were stolen. This is a huge financial burden for a small business, not to mention the tarnished reputation and lost customers and potential contracts.

Mobilization and response

Responding to a cyberattack and mobilizing the resources to contain it can be very costly, especially if you have to call in a rapid response team to regain control of your IT and resume operations.

An external team will need time to analyze the situation, understand your systems, disable the cyber threat, and get your applications up and running again. Recovering any compromised data from your backups will also take time—more if your solution isn’t up to date or your backups have been affected as well.

And that’s not all. Ransom amounts more than doubled in the last quarter of 2019.³ For some companies, paying the ransom is an expensive last resort, but doing so is not recommended and is no guarantee of data recovery.

Added to this are the costs of hastily replacing affected equipment, updating security software, and implementing more effective protection processes. These are all costs that your company could have anticipated and absorbed—and that could have prevented a cyber attack.

Real and present financial danger

Not only can a cyber attack paralyze your operations and jeopardize your revenues, it can also deal your business a big financial blow as it struggles to recover.

Unforeseen and urgent costs, especially at a time when some small businesses are already facing major challenges, could shutter your business for good.

It’s better to act preemptively by deploying solutions today that will help you protect your business and control your IT costs.