When you think of business downtime or a data breach, I'm sure you've thought of the direct financial costs.
If you've been successfully cyberattacked, you have to notify customers, figure out what went wrong, and pay for any regulatory violations, attorney fees (in the case of litigation), and the cost of improving your security infrastructure so it doesn't happen again.
Unfortunately, that's only half – or even less – of the impact on your business.
The costs I mentioned aren't much fun to incur, but they can mostly be addressed with the stroke of a pen in your checkbook.
What you really need to think about are the long-term consequences of a data breach or other cyber incident. These seven hidden, or at least less visible, costs can put a brake on your business growth for years after an incident:
- Insurance premium increase
- Increased cost to raise debt
- Impact of operational disruption or destruction
- Lost value of customer relationships
- Value of lost contract revenue
- Devaluation of trade name
- Loss of intellectual property
When you're considering how seriously you need to take network security and cybersecurity threats, you need to keep these costs in mind. While some of these are hard to quantify, they are no less real in their effect on your business operations.
Some of you reading this are thinking: “I've got nothing to worry about. Won't happen to me.” That's 100% false. Ransomware is an industry worth over a billion dollars. Hackers are criminals. They steal data to make money. Criminals are also generally lazy and look for easy targets. When you don't take security seriously, you make yourself an easy target. Consider this: 43% of cyberattacks target SMBs.
Much coverage of cyberattack effects focuses on the first two phases of the incident response lifecycle: incident triage and impact management. These deal with the immediate fallout. But, longer term, business recovery can take years:
Business recovery is the remediate phase lasting months or years when attention turns toward repairing damage to the business and preventing the occurrence of a similar event in the future. Business recovery activity is also highly variable, but can include the rebuilding or redesign of business processes, systems, applications, or other assets; the development of strategies to rebuild reputation, revenue streams, and competitive advantage; investment in security improvements, detection systems, or preparedness capabilities – all with the goal of emerging from the crisis stronger than before.
As you plan your information and network security strategy, don't forget to consider the effect these seven hidden impacts could have on your business.
It's easy to see security planning as a cost or an inconvenience. Since nearly all businesses rely on information and networks to operate, that's simply not true. You wouldn't leave the office doors to your business unlocked, would you? Your network is a potential open door for hackers to disrupt your business and/or steal your information unless you add a lock to it.
Research: Beneath the Surface of a Cyberattack: A deeper look at business impacts by Deloitte