Cygilant Blog

Calculating the Real Cost of a Cyber Attack

Posted by Trevan Marden on Aug 30, 2016


As cyber attacks continue to grow in frequency and sophistication, businesses are exposed to increasing risk. At the same time, companies continue to face the challenges of limited time, budgets, and staff to implement effective security programs in order to counter the growing threat of cyber attacks. With a global IT security skills shortage, many companies are struggling to stay secure.


As companies weigh options and consider their security plans, it’s important to balance the investments made in security against the potential risks and business impact of a breach. In a previous article, I have discussed how to calculate ROI for cybersecurity. Many security experts are faced with the challenge of convincing management to approve the security investments they know will help secure the organization and often the decision comes down to balancing security costs with the acceptable risk for the organization.  It is, therefore, important to understand the real cost of a cyber attack.


The global cost of data breaches is projected to nearly quadruple by 2019 over 2105 costs, to an estimated 2.1 trillion dollars, according to Juniper Research. And the impact of these breaches can be significant, particularly for smaller organizations. A 2012 National Cyber Security Alliance study showed that of SMBs who suffered a cyber attack, up to 60 percent go out of business within six months of an attack. A study from Kaspersky Lab estimates the average direct costs of a security breach on small businesses are $38,000. But the total costs are likely to be much higher.


In a recent article on CSO, David Weldon discusses the findings of a recent report from Deloitte Advisory entitled, “Beneath the Surface of a Cyberattack: A Deeper Look at the Business Impacts.” The report enumerates some of the indirect costs that organizations should consider in calculating the risk. While traditional calculations focus on direct costs of breach notifications and forensic analysis, these “below the surface” costs include increases in insurance premiums, increased costs to raise debt, disruption of operations, loss of intellectual property, and loss of customer relationships, contracts, and devaluation of trade name.


Protecting against the risks of a cyber attack can take many forms. Emily Mossberg, a principal with Deloitte & Touche, tells CSO that among her recommendations are proactive security controls and posture and ensuring that the organization has appropriate tools to log activities and the ability to identify abnormal activity on their network. If these are areas your organization is struggling to achieve on your own, EiQ’s SOCVue Security Monitoring service can help.


More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid security as a service that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternate solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities. To learn more, please request a demo today!

Request Free Demo Now!

Tags: ROI, Cyber Attack, IT Security

Most Recent Posts

Subscribe to Email Updates