As businesses store more of their and their customers' data online, they are becoming increasingly vulnerable to cyber thieves. Dealing with online criminals increases cybersecurity costs, which may ultimately trickle down to consumers in the form of higher prices.
Companies lost $1.8 billion to cybercrime in 2019, according to business insurer Hiscox. Few businesses are safe, and big companies with a big online presence are heavily targeted. Companies in the energy, financial services, manufacturing, technology, and pharmaceutical sectors endured the heaviest losses.
Here is a look at some of the most important ways cybercrime can hamper businesses today.
- About 6% of companies report having to pay a ransom to regain control of critical IT systems.
- Businesses that come under cyberattack also incur higher costs from operational disruption and altered business practices.
- The biggest losses come from reputational damage. Companies that have lost control of their customers' data have paid millions to settle claims.
1. Increased Costs
Companies that want to protect themselves from online thieves have to pull out their wallets to do so. Firms may incur any number of outlays, including:
- Cybersecurity technology and expertise
- Notifying affected parties of a breach
- Insurance premiums
- Public relations support
Ransomware, which can prevent workers from accessing IT systems unless the company pays off a hacker, can also create a major financial burden. According to Hiscox, 6% of companies paid a ransom in 2019, creating $381 million in losses.
In addition, businesses may have to hire lawyers and other experts to remain compliant with cybersecurity regulations. And if they’re the victim of an attack, they may have to shell out even more for attorney fees and damages as a result of civil cases against the company.
Equifax, one of the top three credit bureaus, learned this the hard way after a 2017 data breach that compromised the personal data of 147 million customers. As a result of subsequent litigation, the company agreed to pay up to $425 million to assist affected individuals.
2. Operational Disruption
In addition to actual financial damages, companies often face indirect costs from cyberattacks, such as the possibility of a major interruption to operations that can result in lost revenue.
Cybercriminals can use any number of ways to handcuff a company’s normal activities, whether by infecting computer systems with malware that erases high-value information, or installing malicious code on a server that blocks access to your website.
Disrupting business as usual is the favored tool of so-called “hacktivists,” who have been known to breach the computer systems of government agencies or multinational corporations in the name of calling out a perceived wrong or increasing transparency.
In 2010, for example, hackers sympathetic to WikiLeaks retaliated against credit card giants Mastercard and Visa by conducting attacks that temporarily crashed their websites.
3. Altered Business Practices
Cybercrime can impact businesses in more than just financial ways. Companies have to rethink how they collect and store information to ensure that sensitive information isn't vulnerable. Many companies have stopped storing customers' financial and personal information, such as credit card numbers, Social Security numbers, and birth dates.
Some companies have shut down their online stores out of concern they cannot adequately protect against cyberattacks. Customers are also more interested in knowing how the businesses they deal with handle security issues, and they are more likely to patronize businesses that are up front and vocal about the protections they have installed.
4. Reputational Damage
Although tough to fully quantify, companies that fall victim to larger cyberattacks may find their brand equity significantly tarnished. Customers, and even suppliers, may feel less secure leaving their sensitive information in the hands of a company whose IT infrastructure was broken at least once before.
Retail giant Target (TGT) saw its reputation take a hit after a 2013 data breach involving the credit card information of more than 40 million customers, a security failure that cost it $18.5 million to settle.
JPMorgan Chase & Co. (JPM) endured a similar black eye in 2014, when criminals compromised the data of its banking customers. Hackers gained access to the names, addresses, phone numbers, and email addresses of 76 million household accounts and seven million small business accounts.
In addition to reduced institutional trust, research suggests that publicly traded companies are likely to see a short-term drop in market value. Security researchers Comparitech studied 40 data breaches at 34 companies listed on the New York Stock Exchange. It found that the share prices of compromised companies fell an average of 3.5% following an attack, and underperformed the Nasdaq by 3.5%.
5. Lost Revenue
One of the worst outcomes of a cyberattack is a sudden drop in revenue, as cautious customers move elsewhere to protect themselves against cybercrime. Companies can also lose money to hackers who try to extort their victims.
Case in point: Sony Pictures came under attack in 2014 as it prepared to release “The Interview,” a comedy which depicted an assassination attempt on North Korean leader Kim Jong Un. Hackers pilfered sensitive information, including embarrassing e-mails and performance evaluations from its staff.
North Korea is widely believed to be behind the attack, although it denied the allegations. As a result, Sony Pictures pulled the film from most theaters in favor of an online release, a move that cost it $30 million, according to the National Association of Theater Owners.
6. Stolen Intellectual Property
A company’s product designs, technologies, and go-to-market strategies are often among its most valuable assets. Intangible assets accounted for 87% of the value of S&P 500 companies in 2015, according to intellectual property advisory Ocean Tomo.
Much of this intellectual property is stored in the cloud, where it's vulnerable to cyberattacks. Nearly 30% of U.S. companies report having their intellectual property stolen by a Chinese counterpart within the past 10 years.
The Bottom Line
Protecting a business against cyberattacks is costly and can impact the relationship between the company and its customers. As cybercrime becomes more sophisticated, businesses will have to stay one step ahead.