Counting the Costs of Cybercrime (Part 1)

WHAT IS THE IMPACT OF CYBERCRIME ON MY COMPANY? 

Cybercrime is growing as the use of the internet and business networks expand. Today, more than ever, businesses of all sizes rely on their networks, data and internet connectivity to conduct business. 

In this three-part series, we look at cybercrime’s impact, how it is perpetrated, and what you can do about it. In this part, we look at the impact of cybercrime on your business.  

A cyber attack can cause enormous damage to your organisation: 

Financial 

A cyber attack can lead to direct financial losses, for example, a phishing attack that leads to money being transferred to the hacker, but also to indirect financial losses which are caused, on the one hand, by the cost of resolving the incident itself as quickly as possible and, on the other hand, by the potential loss of customers. 

Operational 

A cyber attack can disrupt computer systems to such an extent that they can no longer support day-to-day business operations. This disruption of business operations will, of course, also have financial consequences 

Reputation 

A cyber incident negatively impacts the company and can damage a reputation that has been built up carefully over many years in the blink of an eye. This damage to reputation will eventually lead to financial losses due to a direct impact on turnover and additional costs incurred in rebuilding the reputation after the incident.  

What can happen? The damage caused by a cyber incident can be reduced to the acronym “CIA” (Confidentiality, Integrity and Availability): 

Confidentiality 

The confidentiality of data can be impaired. Concretely: sensitive information can fall into the wrong hands or into the public domain 

Integrity

The integrity of data can be impaired. Concretely: due to incidents (intentional or unintentional), unauthorised modification of data can occur making it unusable or leading to errors 

Availability

The availability of systems and information can be compromised. Systems can go down and remain unavailable for a long period of time, thus disrupting business operations. To estimate the potential impact on your own organisation, you need to ask yourself what are the most critical IT assets of the organisation and what can happen to them as a result of a cyber incident.  

A couple of examples: 

  • In a hospital, the medical patient file is the most critical asset. If unauthorised persons gain access to the patients could suffer serious damage. Consider, for example, the medical file of a well-known person, which is leaked to the press. 
  • In a technology company (e.g. biotech or IT tech), the principal asset is often its Intellectual Property (IP). If this was to be stolen, the company’s entire competitive advantage could be lost. In this way, many business secrets have already ended up in the wrong hands. 
  • In a production company, the production systems are often the most critical, while in a logistics company, it is the logistics systems. If these systems go down, it can lead to interruptions of the production lines and the supply chain. 

Leave a Reply