What Is the Most Expensive Part of a Cyber Breach?
If you have your finger even remotely on the pulse, then one thing is clear to you – we are living in an increasingly digitized, cyber world. In this world, there are obvious dangers; and these dangers apply universally.
When discussing the threat of a cyber-attack, often times the subject of cost comes up. Is it worth it to have cyber protection? Is the cost worth it?
However, there is a major problem with this approach. Here is why.
Those seeking cyber protection typically focus on costs related to forensics and becoming notified of the attack (or the threat of one.) Yet, the most significant cost seems to be forgotten.
The name of this cost? Reputation.
Lindsey Nelson, a cyber development leader, stated that “when we’re talking about cyber claims, it’s typically the costs that nobody talks about that end up being the most expensive for the victim of the event”. She continued, “I think that’s fairly understandable when it’s a cost that only affects the business rather than their customers and the larger public.”
According to Nelson, reputational harm is more relevant today than ever before – and this is in part due to businesses having an obligation to inform their clients when their data has been compromised.
A recent example of this is the data breach at Capital One. Whilst this data breach was a highly publicized case that cost Capital One over $150 million directly, there was a further 6% drop in shares due to reputational harm and inaction.
“Customers are likely to either cancel their contracts or take their business elsewhere,” said Nelson. “We’ve seen several instances in which we’ve had insurance policyholders experiencing downtime of their systems, and they were actually forced to re-route their customers through their competitors in order to fulfill time-sensitive services that were required. So [sic] it’s not a position that any business envisions themselves being in.”
Though the cyber world is still in its infancy, all data points to the same thing – reputational harm is an incredibly expensive cost and one that many small-to-medium sized businesses may never properly recover from.
Studies show that 90% of Canadian businesses do not have a fully-fledged out cyber policy. Despite all this data being available, a number this high poses an important question: why aren’t more businesses adopting cyber policies?
The answer is twofold.
Firstly, many companies still hold the antiquated view that a cyber-attack will never happen to them. Ironically, it is this belief that puts a major target on a company’s back as an easy target. However, a bigger reason is now developing.
Nelson argues, “A larger percentage feel that if they do have one (a cyber event), their IT department is going to handle it effectively. But as time has consistently shown, IT and incident response — though they’re very complementary to one another — are two very different things.” She continues, “Incident response gives you access to specialist experts who can project manage and triage forensics, negotiations with the criminals, legal response — and they can often work with IT departments.”
For many, adopting a cyber policy will be a lesson hard learned. It will come after a cyber event and will ultimately cause a lot of damage that could have been prevented.
To make sure that you are protected, contact one of our licensed experts today at 905-696-9090 or email us at