How Much Can a Cyberattack Cost Your Company?

We’re going to be upfront here. There is a lot of talking around the question of cybersecurity costs in the IT industry. There are many valid reasons for this, including the fact that companies hit by hackers often want to keep as much of the impact under wraps as possible.

Those reasons are not the issue, though. You need to know the numbers and how cyberattack costs can add up. So, let’s get into it.

Looking at the Numbers

Let’s start by looking at the research and stats that are currently available. According to the National Cyber Security Alliance, the average payout for a ransomware attack (which is just one type of cyberattack) is now $177,000.

A report by NetDiligence highlights a similar figure for the average ransomware payout. However, its report finds the total cost of dealing with a ransomware attack (paying the ransom and other associated costs) is much higher at $275k. Sumo Logic, meanwhile, puts the average cost of ransomware attacks at $133,000.

Insights can also be found in IBM’s Cost of a Data Breach report. The 2021 version of the report put the average cost of a data breach globally at $4.24m (the figure is even higher looking at the US only). Around 38 percent of this cost is accounted for in lost business, with the rest made up of detection, escalation, and post-breach response.

The above IBM research uses an “average per record cost” to complete some of the calculations. We can also use this figure to get an idea of what it might cost your business if you suffer this specific type of cyberattack, i.e. a data breach. A data breach could include customer, employee, and other personal contact data.

According to the IBM report, the average cost per record of a data breach in 2021 was $161. If you have a data breach that impacts 5,000 customer records, as an example, you can expect the cost to your business to be in the region of $800k.

Real-World Examples

Rokenbok Education (now known as Kid Spark Education) is one example. It provides mobile STEM labs and other educational solutions for schools. It suffered a ransomware attack that resulted in the company losing thousands of dollars in sales. It didn’t pay the ransom, but it lost the sales because it was offline for four days while it got its systems operational again.

Most small businesses want to keep the information about a cyberattack quiet to avoid bad publicity and prevent other hackers from trying another attack. There are other examples, though, including a story on the Verizon blog about a business that asked to remain anonymous. The company, a family-run electronics business, was attacked by hackers who started collecting the data of its credit card customers, using that data to make purchases. The company ended up with a six-figure fine.

The Costs You Will Incur as a Result of a Cyberattack on Your Business

How much a cyberattack will cost your business depends on a range of variables, including the size of your company, the type of attack, the practical impact of the attack, and how costs are calculated. That last point is important, as Deloitte says a lot of the focus when assessing the average cost of a cyberattack is restricted to things like credit monitoring, fines, and customer notification costs.

Costs like average ransomware payments are reasonably straightforward to find, too, and data breaches are becoming easier to evaluate, since there is now broad consensus on the cost per record of a data breach.

However, there are lots of other costs that often remain hidden. We’ve included both the visible and less visible costs of a cyberattack in the list below.

Operational Downtime

Downtime in your business costs time and money. The reality is that dealing with a cyberattack often involves a complete shutdown of operations, whether instigated by you as you investigate and resolve the issue, or instigated by the attackers as leverage.

These costs stack up every minute you are not able to properly trade. The problem doesn’t completely go away when you start to come back online again, either, as the move back to normal trading is likely to be gradual. In other words, a proportion of downtime costs will continue until you are fully up and running.

Remediation Costs

Remediation costs can be difficult to quantify until you experience them directly, but they can include everything from IT costs to remediate systems, to the cost of diverting resources between business units, to costs for the repair of facilities damaged as a result of the cyberattack.

Reputational Damage

Cyberattacks can result in a loss of trust and loyalty with customers, negative reviews online, and negative mentions on social media, as well as the still highly significant negative word of mouth. This reputational damage can then result in a drop in sales and lost customers that can be difficult, expensive, and time-consuming to recover from.

Regulatory Costs

Regulations are still evolving in this area, but they shouldn’t be underestimated. If you have customers in Europe, for example, those customers are protected under the EU’s GDPR. Fines at the lower end of the severity scale under that regulation can be up to around $12m, or two percent of global revenues, whichever is higher.

California also has privacy laws that can result in fines of up to $7,500 per individual violation. As an example, failing to include a cookie banner could be a breach of California’s privacy regulations in some situations. However, this doesn’t just represent a single violation of the law and one fine. Every time someone visits your site is another individual violation, so you can see how the fines can add up.

Even though these regulations don’t specifically apply to your business in Oregon, they are an indication of where the regulatory landscape could be going. A report in the New York Times, for example, says Colorado and Virginia have similar privacy rules to California, while at least four other states are in the advanced stages of introducing their own legislation.

Lost Business and Customers

Customers can lose confidence in your business as a result of a cyberattack. This can occur because they are directly affected by disruption to the services or products you supply. Your customers may even be caught up in the actual cyberattack, like in the example above. This situation can also involve additional costs, including the cost of lawsuits from clients whose data you didn’t protect.

The full impact of lost business and customers is not always immediately apparent, as customers can move away over time, while you might find it hard to bring new customers on board.

Increased Debt Costs

Cyberattacks can cause your credit rating to drop, making it more costly to raise new debt or refinance existing debt.

Increase in Cyber Insurance Costs (or not being able to get insurance again)

There isn’t much research available in this area, but Deloitte reports that companies have faced increases in cyber insurance premiums by as much as 200 percent following a cyberattack. These increases are often accompanied by new restrictions and requirements that can also incur additional costs.

Loss of Employees

Many companies lose key employees as a result of a cyberattack, plus you might find it difficult to recruit new employees, at least in the short term.

Legal Costs

Getting legal advice and support following a cyberattack is usually essential. There will be a cost for this advice and support, with the fees typically increasing with the severity or complexity of the attack.

Canceled Contracts

Cyberattacks can result in canceled contracts where the financial impact is immediate. There might even be penalties you need to pay. It goes deeper than this, though, as potential future contracts might be impacted by the cyberattack, at least in the short term.

Loss of Intellectual Property

Cyberattacks can result in intellectual property rights being breached, such as through the exposure of trade secrets or other confidential information. This is an intangible cost but, depending on your business, it can be significant, particularly if it impacts competitiveness.

Investing Now to Prevent Costs in the Future

The cost of a cyberattack can be crippling for businesses of just about any size. The best approach is prevention, i.e. investing now to minimize the risk of a cyberattack in your company. There is too much at stake to take any other approach.

Training your team on cybersecurity risks, ensuring you have recurring off-site backups of your data, and keeping software and systems up to date are some of the things that you should be doing now and on an ongoing basis.

Support is available. At StepUP IT, for example, we have a Security Plan that will provide an immediate boost to your level of cybersecurity. Find out more today.


Since 2001, StepUP IT Services has been helping Eugene and Oregon businesses with technology. We are your IT partner. We manage and maintain your technology, empowering your organization to reach its goals. 
