Beneath the surface of a cyberattack

A deeper look at business impacts

Do leaders accurately gauge the impact a cyberattack can have on their organisation? Do common assumptions about the costs and recovery process associated with data breaches paint a clear picture? This paper considers—in financial terms—the broad and extended business impact of cyberattacks, including both direct and intangible costs.

Do you have a complete picture of the toll a cyberattack could take?

Assumptions can be misleading

Common perceptions about the impact of a cyberattack are typically shaped by what companies are required to report publicly—primarily theft of personally identifiable information (PII), payment data, and personal health information (PHI). Discussions often focus on costs related to customer notification, credit monitoring, and the possibility of legal judgments or regulatory penalties. But especially when PII theft isn’t an attacker’s only objective, the impacts can be even more far-reaching.

What does a cyberattack really cost? Regulatory fines, public relations costs, breach notification and protection costs, and other consequences of large-scale data breaches are well understood. But the effects of a cyberattack can ripple for years, resulting in a wide range of “hidden” costs, many of which are intangible impacts tied to reputation damage, operational disruption, or loss of proprietary information or other strategic assets.

Look behind the scenes in two sample scenarios and see how business performance can be challenged over a multi-year period when a cyberattack occurs. In one case, a cyberattack against a health insurance company appears to be a typical case of patient data loss but has deeper implications. The other example looks at the impact of intellectual property theft against a technology manufacturer. Combining cyber risk knowledge with business valuation and financial quantification methods, this paper draws essential lessons about the direct costs and the intangible impacts of a cyber crisis.

Fourteen cyberattack impact factors

To gauge the potential impact of a cyberattack, there are 14 impact factors that business leaders should consider. “Above the surface” are direct costs commonly associated with data breaches. “Beneath the surface” are potential impacts that are less understood and rarely revealed to the public eye, many of which are intangible costs that are difficult to quantify, including damage to trade name, loss of intellectual property, or costs associated with operational disruption.

The long trail of cyberattack impacts

Beyond the initial incident triage, there are impact management and business recovery stages. These stages involve a wide range of business functions in efforts to rebuild operations, improve cybersecurity, and manage customer and third-party relationships, legal matters, investment decisions, and changes in strategic course.

Cyberattack readiness: From fear to confidence

Prepared with a more realistic understanding of the potential impact of a cyberattack, executives can invest in risk-focused programs to be more secure, vigilant, and resilient, and gain greater confidence in their organisation’s ability to thrive, even in the face of a cyber crisis.
