Business leaders need to have clarity around the enterprise-wide effect of cyber incidents, a report by Deloitte Advisory revealed.
“Executives have difficulty gauging potential impact partly because they are not typically privy to what their peers struggle with as they work to get their businesses back on their feet,” said Emily Mossburg, principal, Deloitte & Touche LLP, and resilient practice leader for Deloitte Advisory cyber risk services.
“An accurate picture of cyberattack impact has been lacking, and therefore companies are not developing the cyber risk postures that they need.”
The study helped to identifie14 Business Impacts of a Cyberattack. Those are
Customer breach notifications
Post-breach customer protection
Regulatory compliance (fines)
Public relations/crisis communications
Attorney fees and litigation
Cybersecurity improvements
Technical investigations
Insurance premium increases
Increased cost to raise debt
Operational disruption or destruction
Lost value of customer relationships
Value of lost contract revenue
Devaluation of trade name
Loss of intellectual property (IP)
The study revealed that the direct costs commonly associated with data breaches are far less significant than the “hidden” costs. In Deloitte’s scenarios, these account for less than 5 percent of the total business impact.
The time horizon over which impact is felt is far more protracted than is often anticipated. In Deloitte’s scenarios, costs incurred during the initial triage stage of incident response account for less than 10 percent of the rippling impacts extending over a five-year period.