A cyber attack not only compromises the security of a company’s networks, but also creates undesirable consequences for its business function. Accenture reports that 43% of these attacks are directed towards small businesses and what’s worrying is that only 14% of them are prepared to defend themselves.
There are various costs arising from cybercrime. These include: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of financial and personal data, fraud, business disruption, restoration of hacked data and systems, and reputational harm. The latter being the less measurable cost with the loss of corporate reputation influencing consumers’ trust in a company.
Ransomware is one category of cyber crime of particular concern, with costs incurred skyrocketing over the past years, especially for small businesses. This malware infects computers and mobile devices, restricting users’ access to files and often threatening permanent data destruction unless a ransom is paid. This form of cyber crime has reached epidemic proportions globally and is the “go-to method of attack” for cybercriminals. Cybersecurity Ventures estimates that global ransomware damage costs will reach $20 billion by 2021; 57 times more than it was in 2015. Ransomware attacks on businesses occur every 11 seconds, up from every 40 seconds in 2016. Mark Montgomery, director at the U.S. Cyberspace Solarium Commission (CSC), believes that this is the fastest growing and one of the most damaging types of cybercrime, which will ultimately convince senior executives to take the cyber threat more seriously.
Phishing attacks occur when attackers try to trick unsuspecting victims into handing over valuable information, such as passwords, credit card details, intellectual property, and so on. These attacks are mostly in the form of an email pretending to be from a legitimate organization, such as a bank, or insurance agency. It is considered the most common form of cyber attack, mostly because it is easy to carry out and surprisingly effective. After declining in 2019, phishing increased in 2020 to account for 1 in every 4,200 emails. According to an IBM report, the average cost per compromised record has steadily increased over the past few years, with the cost in 2019 being $150. This may not seem substantial, unless the organisation is large, for instance, Marriott which lost 5.2 million records in its most recent breach. This resulted in a cost estimated to be around $780 million. Moreover, CSO reports that Phishing attacks account for more than 80% of reported security breaches. Thus, even though this form of cybercrime may not be the most costly for small businesses, it is definitely much more frequent than other forms.
There exist other established and emerging types of cyber crime which all organisations must constantly keep an eye out for. These include Man-in-the-middle attacks (MITM), AI-Powered attacks, IoT-Based attacks, SQL injection, and many more. Data is the building block of the digitized economy, and the opportunities for innovation and malice around it are incalculable. Therefore, it is vital for organisations of all sizes to develop and maintain well-fortified cybersecurity systems. Penetration testing, security audits and risk assessments are needed to maintain such a system, which may be provided by an experienced I.T vendor.