The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

How Expensive Are Cybersecurity Attacks and Data Breaches?

A Journal of Cybersecurity article earlier this year concluded that public concerns regarding the increasing rates of breaches and legal actions may be excessive compared to the relatively modest financial impact to firms that suffer these events. Based on a sample of more than 12,000 cyber events that include data breaches, security incidents, privacy violations and phishing crimes, the authors found that the cost of a typical cyber incident in that sample is less than $200,000 (about the same as those firms’ annual IT security budgets), representing only 0.4 percent of their estimated annual revenues.

Our Perspective:

This study may be placing too much emphasis on “counting the trees” and not enough on understanding the value of the “forest.”

For companies in industries like energy, on which the public relies for essential goods and services, reliability and reputation are an integral part of the product or service. So measuring damage from a cyberattack by adding up the costs of breaches, bad debts and fraud risks but not the cost of service interruption or reputation damage minimizes an incident’s true impact.

Similar to the experience of other industries, significant damage from a cyber incident will be seen in the erosion of the customer’s confidence and trust that is the underpinning of future business, or in potential regulatory overreach that can unduly constrain future operations. The impact to reputation, and its implied customer loyalty, can be serious.

In addition, the study identifies the mining and oil and gas industry as having the highest litigation rate of any industry, with more than 30 percent of all cyber events litigated. Therefore, it is wise for the industry to stay focused on this area.

Companies should not be complacent about cybersecurity or rely on the findings of a single report. The consequences and costs of a cybersecurity breach can vary widely, based on the company’s size, customer base, regulatory oversight and other factors. Because the threats and risks related to information security change so quickly, an annual security assessment is recommended so that companies can keep an eye on these trends and evaluate their information security programs in this ever-changing context.

Authors

Danny Rudloff

Cal Slemp
