Cybercrime costs the world economy over a trillion dollars, or just more than one percent of its global GDP, says McAfee’s (NASDAQ: MCFE) latest report. The number is more than 50 percent from a 2018 study that put global losses at close to $600 billion. Additionally, around 92 percent of companies felt effects beyond monetary losses.
“The severity and frequency of cyberattacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said Steve Grobman, SVP and CTO, McAfee. “While industry and government are aware of the financial and national security implications of cyber-attacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high impact costs. We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents given the 100s of billions of dollars of global financial impact.”
Though such attacks causes huge dent on a company’s intellectual property and monetary assets, the most damages is caused to the company’s performance and its brand identity. Other than 92 percent of businesses reporting negative effects on their business beyond financial costs & lost work hours after a cyber incident, such attacks have larger than life lasting impact on an organization. These damages may be in the form of system downtime, reduced efficiency, incidence response costs, and brand & reputation damage.
According to McAfee’s survey, downtime is a common experience for around two-thirds of respondents’ organizations. Nearly 33 percent of survey respondents stated IT security incident resulting in system downtime costing them between $100,000 and $500,000, while this was nearly $762,231 in 2019. Such system downtime means organizations lost an average of nine working hours a week, leading to reduced efficiency, with the average interruption to operations reported at 18 hours.
The report also claims that organizations took nearly 19 hours to move from the discovery of an incident to remediation. While most can be managed in-house, but major incidents can often require outside consults with high rates that form a significant portion of the cost of a large-scale incident. Like mentioned earlier, any such attack on any corporate means negative impact on their brand reputation, which may also be irreversible sometimes. According to the report, the cost of rehabilitating the external image of the brand, working with outside consultancies to mitigate brand damage, or hiring new employees to prevent against future incidents is part of the cost of cybercrime and nearly 26 percent of the respondents identified damage to brand from the downtime experienced because of a cyber-attack.
Though cybersecurity and cyberattacks are not new for organizations to deal with, the worry is that many organization still lack understanding of cyber risk and wait for taking action till it hits them. No action on enlightening or continuous upgrading makes companies and agencies more vulnerable to sophisticated social engineering tactics, and once a user is hacked, not recognizing the problem in time to stop the spread could be the biggest worry for any organization.
According to the report, 56 percent of surveyed organizations said they do not have a plan to both prevent and respondent to cyber-incident. Out of the 951 organizations that actually had a response plan, only 32 percent said the plan was effective. Hence it is important that companies include uniform implementation of basic security measures, increased transparency by organizations and governments, standardization and coordination of cybersecurity requirements, providing cybersecurity awareness training for employees, and developing prevention and response plans.