As businesses store more of their and their customers' data online, they are becoming increasingly vulnerable to cyber criminals. Dealing with online criminals increases cybersecurity costs, which may ultimately percolate down to consumers in the form of higher prices.
Companies lost $1.8 billion to cybercrime in 2019, according to business insurer Hiscox. Few businesses are secure, and large companies with a big online presence are extensively targeted. Companies in the energy, financial services, manufacturing, technology, and pharmaceutical sectors endured the heaviest losses.
Here is a look at some of the most essential ways cybercrime can hamper enterprises today.
1. Increased Costs
Companies that want to defend themselves from online criminals have to draw out their finances to do so. Firms may incur any number of outlays, including:
-
Cybersecurity technology and expertise
-
Notifying affected parties of a breach
-
Insurance premiums
-
Public relations support
Ransomware, which can prevent workers from accessing IT systems unless the company pays off a criminal, can also create a significant financial burden. According to Hiscox, 6% of companies paid a ransom in 2019, creating $381 million in losses.
In addition, businesses may have to employ lawyers and other experts to remain compliant with cybersecurity regulations. And if they’re the victim of an attack, they may have to fork out even more for attorney fees and damages as a result of civil cases against the company.
Equifax, one of the top three credit bureaus, learned this the hard way after a 2017 data intrusion that compromised the personal data of 147 million customers. As a consequence of subsequent litigation, the company consented to pay up to $425 million to assist affected individuals.
2. Operational Disruption
In addition to actual financial damages, companies often face indirect costs from cyberattacks, such as the possibility of a significant interruption to operations that can result in lost revenue.
Cybercriminals can use any number of methods to restrict a company’s normal activities, whether by infecting computer systems with malware that erases high-value information, or installing malicious code on a server that blocks access to your website.
Disrupting business as usual is the favored weapon of so-called “hacktivists,” who have been known to infiltrate the computer systems of government agencies or multinational corporations in the name of calling out a perceived injustice or increasing transparency.
In 2010, for example, hackers sympathetic to WikiLeaks retaliated against credit card titans Mastercard and Visa by undertaking attacks that temporarily disrupted their websites.
3. Altered Business Practices
Cybercrime can impact enterprises in more than just financial ways. Companies have to reevaluate how they capture and retain information to ensure that sensitive information isn't vulnerable. Many companies have ceased retaining customers' financial and confidential information, such as credit card numbers, Social Security numbers, and birth dates.
Some companies have shut down their online storefronts out of concern they cannot adequately protect against cyberattacks. Customers are also more interested in knowing how the businesses they interact with manage security issues, and they are more likely to patronize businesses that are up front and vocal about the protections they have installed.
4. Reputational Damage
Although challenging to completely quantify, companies that fall victim to larger cyberattacks may find their brand equity significantly tarnished. Customers, and even suppliers, may feel less secure leaving their sensitive information in the hands of a company whose IT infrastructure was disrupted at least once before.
Retail colossus Target (TGT) saw its reputation take a blow after a 2013 data breach involving the credit card information of more than 40 million customers, a security failure that cost it $18.5 million to resolve.
JPMorgan Chase & Co. (JPM) endured a similar black eye in 2014, when criminals compromised the data of its banking customers. Hackers gained access to the names, addresses, phone numbers, and email addresses of 76 million residential accounts and seven million small business accounts.
In addition to reduced institutional trust, research suggests that publicly traded companies are likely to see a short-term decline in market value. Security researchers Comparitech studied 40 data exposures at 34 companies listed on the New York Stock Exchange. It found that the share prices of compromised companies declined an average of 3.5% following an attack, and underperformed the Nasdaq by 3.5%.
5. Lost Revenue
One of the worst outcomes of a cyberattack is an abrupt decline in revenue, as cautious consumers migrate elsewhere to safeguard themselves against cybercrime. Companies can also lose money to hackers who attempt to extort their victims.
Case in point: Sony Pictures came under attack in 2014 as it prepared to release “The Interview,” a comedy which depicted an assassination attempt on North Korean leader Kim Jong Un. Hackers pilfered sensitive information, including humiliating e-mails and performance evaluations from its staff.
North Korea is widely believed to be behind the assault, although it denied the allegations. As a consequence, Sony Pictures withdrew the film from most theaters in favor of an online release, a decision that cost it $30 million, according to the National Association of Theater Owners.
6. Stolen Intellectual Property
A company’s product designs, technologies, and go-to-market strategies are often among its most valuable assets. Intangible assets accounted for 87% of the value of S&P 500 companies in 2015, according to intellectual property advisory Ocean Tomo.
Much of this intellectual property is stored in the cloud, where it's vulnerable to cyberattacks. Nearly 30% of U.S. companies report having their intellectual property misappropriated by a Chinese counterpart within the past 10 years.
The Bottom Line
Protecting a business against cyberattacks is costly and can impact the relationship between the company and its customers. As cybercrime becomes more sophisticated, businesses will have to remain one step ahead.
