Cyberattacks pose a major threat to organizations and individuals around the world. As more business and personal activities move online, the opportunities for cybercriminals to exploit vulnerabilities and breach systems continue to grow. Cyberattacks can result in substantial financial losses as well as damage to reputation and trust. Understanding the costs associated with cyber incidents is critical for organizations to make informed decisions about cybersecurity strategies and investments.
What are the main types of cyberattacks?
There are many different types of cyberattacks, but some of the most common and impactful include:
- Malware – Malicious software designed to infect systems and gain access to sensitive data. This includes viruses, worms, spyware, ransomware, and more.
- Phishing – Deceptive emails or websites that seek to trick users into sharing login credentials or other sensitive information.
- Denial of service (DoS) – Attacks that overwhelm systems and networks with traffic, rendering them inaccessible to legitimate users.
- Data breaches – Incidents that result in the unauthorized access or theft of sensitive data like customer records, intellectual property, or financial information.
- Insider threats – Attacks perpetrated by employees, contractors, or others with authorized system access.
What are the direct costs of a cyberattack?
Cyberattacks inflict damage in multiple ways, resulting in both direct and indirect costs. Direct costs include:
- Incident response and forensic costs – Expenses for investigating an attack’s origin and impact, remediating affected systems, and restoring normal operations.
- Notifications and credit monitoring – Following a data breach, regulations often mandate that affected individuals be informed and provided with credit/identity monitoring services.
- Post-breach customer protection – Steps to assist and reassure customers, such as setting up call centers, providing advice to prevent identity theft, and offering free credit reports.
- Technical investigation – Determining how attackers gained entry, which systems were impacted, and what data was compromised often requires specialized digital forensics expertise.
- Regulatory compliance costs – Payment of mandatory fines or penalties imposed by industry or government regulators following a cyber incident.
What are the indirect costs of a cyberattack?
In addition to upfront damages, cyberattacks can inflict longer-term productivity and revenue losses in the form of:
- Business disruption – Service downtime and impaired systems that disrupt operations and prevent the organization from generating revenue.
- Lost opportunities – Diversion of resources to incident response means less focus on core business activities.
- Loss of intellectual property (IP) and proprietary data – Theft of critical IP, plans, or other internal data that compromises competitive advantage.
- Reputation and customer trust – Negative publicity following an attack can damage brand reputation and customer confidence in the organization.
- Legal liabilities and insurance premium increases – Lawsuits by stakeholders affected by an incident, as well as increased insurance rates in its aftermath.
What is the average cost of a data breach?
According to the Ponemon Institute’s 2021 Cost of a Data Breach report, the average cost of a data breach globally is $4.24 million. This factors in direct and indirect expenses around containing breaches, notifications, policy changes, lost productivity, and reputational damage. The average cost per lost or stolen record is estimated at $161.
For the United States, the average total breach cost is $9.05 million. The cost per compromised record rises to $246 for US-based organizations.
Cost of data breach by industry sector
Data breach costs vary significantly across different industry sectors:
| Industry | Average data breach cost (global) |
| Healthcare | $9.23 million |
| Financial services | $5.72 million |
| Pharmaceuticals | $5.04 million |
| Technology | $4.88 million |
| Energy | $4.65 million |
| Retail | $4.53 million |
| Industrial | $4.14 million |
| Education | $3.79 million |
| Media | $3.38 million |
Healthcare incurs the steepest data breach costs due to factors like higher regulatory penalties and sensitivity of personal medical information. Retail and media enterprises have lower costs, but a single large breach can still create tens of millions in damages.
Cost factors
Why do some data breaches cost more than others? Key factors that influence breach costs include:
- Number of compromised records – More exposed records means higher notification, credit monitoring, and other direct expenses.
- Type of data breached – Sensitive data like financial, medical, or intellectual property records are more damaging than basic contact information.
- Country/regulatory environment – Stricter data protection laws in regions like the US and EU increase post-breach costs.
- Industry/security posture – Heavily regulated industries face higher fines and liability costs. Proactive security controls and processes also reduce breach impact.
- Customer loyalty and brand power – Companies with stronger customer relationships and brand reputation are more resilient after an incident.
What is the cost of ransomware attacks?
Ransomware has emerged as one of the most severe cyber threats facing organizations worldwide. These attacks encrypt critical files and systems until a ransom payment is made. Typical ransom demands average between $10,000 to $50,000.
However, the business disruption inflicted by ransomware can be catastrophic. Cybersecurity firm Emisoft estimates the global average cost of ransomware attacks at $1.85 million per incident.
Direct ransomware costs
Upfront expenses stemming directly from a ransomware attack include:
- Ransom payment – If the organization pays the ransom (not recommended), this is a direct cost. Small businesses are most likely to pay ransoms.
- Remediation and restoration – Cleaning infected systems and restoring data from backups requires time and expertise.
- Employee productivity – Workforce downtime and lost productivity while systems are inaccessible.
- Technical investigation – Forensic analysis to determine attack entry points, compromised data, and steps to prevent future incidents.
Indirect ransomware costs
Additional ransomware consequences include:
- Business disruption – Services outage and work delays that may violate contractual obligations to customers.
- Data and IP loss – Permanent loss of data if backups are impacted or irrecoverable via decryption.
- Reputational damage and customer defection – Trust and confidence in the organization can plummet after a major ransomware incident.
- Legal and regulatory costs – Lawsuits stemming from data loss or service disruption; fines for regulatory non-compliance.
- Higher insurance premiums – Past ransomware incidents often increase cyber insurance rates.
What is the cost impact of DDoS attacks?
Distributed denial of service (DDoS) attacks bombard online infrastructure with a flood of junk traffic, overwhelming systems and preventing legitimate access. These attacks are a growing threat, with the average DDoS incident cost estimated at $50,000.
For businesses that rely on online platforms and web applications, the business disruption of DDoS attacks can be severe:
- E-commerce sites can lose tens of thousands per hour in sales when taken offline by DDoS attacks.
- Gaming, travel, and other online services suffer immediate revenue loss plus reputational damage impacting future sales.
- Cloud services and web hosting providers face lost customers and breach of SLA penalties if services are disrupted.
- DDoS extortion threats also extract ransom payments from victims in exchange for halting (or preventing) attacks.
Indirect costs include expenses for enhancing DDoS defenses, such as implementing scrubbing services, load balancers, and overprovisioned bandwidth.
Major DDoS attacks inflicting eight-figure costs are rare, but the collective business disruption of small-scale DDoS incidents adds up to a significant economic toll.
How much do data breaches cost shareholders?
Publicly traded companies face additional costs when a data breach impacts their stock price and erodes shareholder value. Analysis by Comparitech found that corporate stock prices decline by an average of 7.27% in the aftermath of a publicly-disclosed data breach.
Major breaches inflicting losses of millions of records show even greater share price impact:
- Yahoo suffered a 16% stock drop after disclosing a 2013 breach impacting 3 billion accounts.
- Facebook’s share price fell by 8.5% amid revelations that Cambridge Analytica improperly accessed data on 87 million users.
- Marriott saw its stock decline by 5.7% following the company’s disclosure of a breach affecting 383 million guests.
This market reaction reflects diminished confidence in breached companies, as well as anticipation of significant incident costs and customers losses. While shares typically recover over time, data breaches have an undeniable short-term negative impact on shareholder value.
How can organizations manage and reduce cyberattack costs?
Mitigating cyberattack costs requires a multi-pronged approach:
Security technology investments
Upgrading security tools and infrastructure makes systems more resilient and prevents attackers from gaining access in the first place:
- Next-gen antivirus, firewalls, and intrusion prevention systems
- Email and web gateway filtering to block malware and phishing threats
- Vulnerability assessment and network penetration testing services
- Endpoint detection and response (EDR) software
- Backup solutions and disaster recovery systems
Security staff and services
Qualified in-house cybersecurity personnel and third-party managed security services provide ongoing vigilance and expertise:
- CISO and security operations center (SOC) staff
- Incident response retainers and emergency support services
- Security awareness training for employees
- Policy consulting and compliance audit services
Cyber insurance
Policies can offset some portion of costs directly stemming from cyber incidents:
- Coverage for investigation, remediation, and notification expenses
- Coverage for loss of digital assets and business interruption
- Liability coverage for lawsuits and regulatory actions
Incident response planning
Preparing an incident response plan minimizes business disruption and facilitates rapid response:
- Define procedures for escalation, evidence gathering, and communications
- Have backups and disaster recovery systems ready for quick restoration
- Conduct simulated incident response exercises and tabletop tests
Conclusion
As cyberattacks grow in frequency, scale, and sophistication, their costs continue to climb. Individual incidents now routinely inflict millions in direct damages plus productivity and revenue losses. Major attacks also dent corporate reputations and customer loyalty. Investing in layered defenses, skilled personnel, and incident readiness delivers an important return in averting or minimizing cyberattack costs. Ongoing risk assessment and cost-benefit analysis of security spending helps target the right solutions for reducing this growing threat to organizational success.