6 Unexpected Costs of Cyberattacks
Here's what you need to know about protecting industrials from bad actors
Cyberattacks threaten most companies’ top priority: Uptime.
Cybersecurity incidents can be caused by vulnerable software, human error, and malicious internal and external factors. Considering an increase in plant connected devices, the expansion of Wi-Fi, and other trends further digitizing operations, it will be simply impossible to ignore cybersecurity protections to operate effectively.
A seemingly “big” investments in cybersecurity ($50-100M) can prevent far more costly outcomes.
A few highlights of costs of recent attacks:
- Multi-national pharmaceutical producer - $915 million
- Global shipping conglomerate - $250 million
- Global packaged foods provider - $100 million
- Norwegian metals manufacturer - $75 million
The impact of a cyber incident is far-reaching and distracts more important work across several different divisions with an organization.
Here are the costs associated with a cyber attack:
Customers can sue for product commitments not kept, and end users of services can litigate for service outages that caused damage or breach of service level agreements. Lawsuits can drag out for years and end up reported in regulatory disclosures. For companies amidst merger and acquisition activities, the liability can be a deal breaker.
2. Lost revenue
Stopping production means stopping the product from bringing in revenue. In the case of state-owned companies, stopping production can lead to problems making national payment plans or other subsidized national programs. The production timing change also throws off ROI calculations for the product design and go to market costs, which typically assume a date when the product is purchased.
3. Crisis communications
As an attack happens, communication becomes even more crucial, both internally and externally. Proactive communication is needed to media and investors, to ensure the challenge is not blown out of proportion or causing unnecessary panic.
4. Equipment replacement
To keep production flowing, back-up equipment may need to be transported in, or disaster recovery systems turned on. In cases where no back-up equipment exists, or faulty configurations or procedures caused back-ups to fail, entirely new equipment and installs may need to be performed as soon as possible – often at a high cost.
5. Staff overtime
Troubleshooting is the first aspect of overtime, as technicians work to understand the nature and depth of an incident. As fixes are understood, additional time is needed to set up back-ups or workarounds. Manual procedures may be required, adding time and delays to performing regular tasks, until automated systems are back online.
6. Insurance premiums
Depending on the technicalities, some insurance policies will not cover cyber costs if the attack is considered an act of war. Undocumented or non-compliant systems may disqualify insurance coverage, especially if no cybersecurity policies are in place or if bare minimum standards have not been implemented.
Taking proactive measures to know your cybersecurity status and layer in defenses can ensure uptime as well as competitive advantage.