Lesser Known Costs Associated with a Cyber Attack

May 17, 2021

With the growing threat of cyber attacks on business interests around the world, cyber insurance has become an integral part of risk management. This insurance helps to cover the expenses associated with a cyber attack, such as a distributed denial of service (DDoS) attack, data theft, or hijacking of business infrastructure. There are many costs associated with cyber criminality; in this guide, we will explore some of the lesser-known or “hidden” costs business owners must be aware of as they plan their network defenses.

A Wave of Cyber Crimes
Cyber attacks have been part of the digital economy for decades. Just as soon as businesses moved to computerized systems, criminals followed in an attempt to steal or destroy sensitive electronic records. The threat of cyber attacks has only grown in recent years; computer security analysts report that the coronavirus pandemic hastened cybercrimes against businesses, governments, and financial institutions to the tune of a 600% increase in reported attacks.

A single attack on business networks can mean hundreds of thousands or even millions of dollars in expenses for victims. In fact, the average cost of a data breach in 2020 was $3.86 million. Without robust cyber insurance protections, business owners face staggering out-of-pocket expenses during network recovery operations and the reputational harm that follows a publicized attack.

Visible vs. Hidden Costs

Companies that fall victim to cyber attacks typically report what is known as “cost per record”, or the average expenses associated with common recovery costs like customer notification, regulatory penalties or fines, and credit monitoring services for those affected by a data breach. These visible costs account for much of the average $3.86 million expense when cyber criminals are successful in their endeavors.

Lesser-known costs, however, have the potential to create negative outcomes for business owners who have experienced a cyber attack. The effects of a data breach, email spoofing campaign, or phishing attack can often be difficult to quantify for business owners, but these effects can have a significant financial impact on business operations. So-called “hidden” expenses include:

• Reputational harm and subsequent recovery efforts
• Intellectual property (IP) theft
• Supply chain and business interruptions
• Incident management
• Legal liabilities
• Forensic data recovery and investigations
• Loss of control of critical business infrastructure of both networks and equipment

A range of valuation processes influence calculation of these hidden costs. Assigning a specific value to an intangible loss in the wake of a data breach or other cyber attack can be daunting for even the largest corporations. This valuation or damage analysis is often conducted by specialized cyber security professionals and represents an unexpected expense to deal with after a cyber attack occurs.

Another potential side effect of cyber attacks is the rising expenses associated with insurance protection. Cyber insurance policy premiums have increased, and businesses purchasing or renewing such policies after a data breach occurs can expect steep costs. According to Deloitte, cyber insurance policyholders may experience a 200% increase in premiums after a breach. Just as likely is the insurer dropping coverage altogether unless specific data security conditions are met. Faced with the prospect of rising costs, it is critical that business owners evaluate their existing cyber insurance coverage before a data breach can harm business operations. With cyber insurance in place, business owners can rest easier knowing that assets are protected from the rising specter of cyber criminality. ◼