17 June, 2017
Do leaders accurately gauge the impact a cyberattack can have on their organization? Do common assumptions about the costs and recovery process associated with data breaches paint a clear picture? This paper considers—in financial terms—the broad and extended business impact of cyberattacks, including both direct and intangible costs.
Assumptions can be misleading
Common perceptions about the impact of a cyberattack are typically shaped by what companies are required to report publicly—primarily theft of personally identifiable information (PII), payment data, and personal health information (PHI). Discussions often focus on costs related to customer notification, credit monitoring, and the possibility of legal judgments or regulatory penalties. But especially when PII theft isn’t an attacker’s only objective, the impacts can be even more far-reaching.
What does a cyberattack really cost? Regulatory fines, public relations costs, breach notification and protection costs, and other consequences of large-scale data breaches are well-understood. But the effects of a cyberattack can ripple for years, resulting in a wide range of “hidden” costs—many of which are intangible impacts tied to reputation damage, operational disruption or loss of proprietary information or other strategic assets.
Look behind the scenes in two sample scenarios and see how business performance can be challenged over a multi-year period when a cyberattack occurs. In one case, a cyberattack against a health insurance company appears to be a typical case of patient data loss but has deeper implications. The other example looks at the impact of intellectual property theft against a technology manufacturer. Combining cyber risk knowledge with business valuation and financial quantification methods, this paper draws essential lessons about the direct costs and the intangible impacts of a cyber crisis.
Fourteen cyberattack impact factors
To gauge the potential impact of a cyberattack, there are 14 impact factors that business leaders should consider. “Above the surface” are direct costs commonly associated with data breaches. “Beneath the surface” are potential impacts that are less understood and rarely revealed to the public eye, many of which are intangible costs that are difficult to quantify, including damage to trade name, loss of intellectual property, or costs associated with operational disruption.
Please click on the image to enlarge.
Please click here to download the full report.
See also link to the original source here.
For further information, please contact:
Weiheng Jia, Partner, Qin Li Law Firm, a Chinese law firm and a member of the Deloitte Legal global network.
weihengjia@deloittelegal.com.cn
Mark Schroeder, Qin Li Law Firm, a Chinese law firm and a member of the Deloitte Legal global network.
marschroeder@deloittelegal.com.cn
