One in five companies that has been the victim of a cyber attack has felt the increased financial impact of a substantial cyber attack fine
The Hiscox 2022 Cyber Readiness Report shows the median cost of cyber attacks has risen 29% in the past year to just under $17,000. For UK-based businesses, this cost has doubled from $14,000 to $28,000 due to cyber attack fines.
The report is based on the findings of a survey of more than 5,000 professionals across a range of industries. It showed the number of companies that reported receiving a fine following a cyber attack almost doubled from 11% in 2021, to 20% in 2022.
Regulators bare their teeth with substantial fines
GDPR rules state EU authorities can impose maximum fines of €20 million or 4% of worldwide turnover – whichever figure is higher. While in the UK, the ICO (Information Commissioner’s Office) can issue fines of up to £17.5 million or 4% of the total annual worldwide turnover, whichever is higher. And in recent years, regulators including the ICO and the DPC of Ireland have issued multi-million-pound (or euro) fines.
A fine at even a fraction of these costs could spell serious trouble for many companies’ financial futures, which only underlines the importance of a strong cyber security suite.
As well as the immediate disruption to business operations, and the hit to the bottom line it represents, there are further cyber attack consequences many companies could be unprepared for.
How a cyber attacks can hurt your business
The latest Hiscox Cyber Readiness Report revealed the priorities of companies looking to increase their cyber security. It also expanded on the negative effects of a cyber attack that extend further than the direct loss and damage of equipment and data. Notably, a higher incidence of each effect was reported in 2022 than 2021, indicating the impact is increasing across the board.
These effects include:
• Increased costs of notifying customers in the event of a data breach or other compromise of confidentiality. (23% in 2021, 30% in 2022)
• Impact on brand and reputation of the attack, as companies may experience a shift in sentiment from customers. (23% in 2021, 27% in 2022)
• Loss of customers. The reputational damage might even cause customers and clients to take their business elsewhere. (19% in 2021, 22% in 2022)
• Solvency was threatened. Some companies reported an impact so great the future of their business was at stake. (17% in 2021, 21% in 2022)
• Received a substantial fine. Companies may have been hit with fines for failing to protect sensitive information and personal data. (11% in 2021, 20% in 2022).
“While the cybercriminals have long targeted high-value companies, it is clear they are now moving down the food chain”
Writing in this year’s report, Gareth Wharton, Cyber CEO at Hiscox, says the rising number of firms reporting attacks, and their increased severity, is a cause for concern, but he hails the fact businesses are applying greater ‘vigour’ in their repose to an attack.
He also highlights the ‘scale of the challenge’ faced by businesses and urges leadership teams to continue to educate their employees of cyber risks as criminals shift the goalposts.
“While the cybercriminals have long targeted high-value companies, it is clear they are now moving down the food chain,” Gareth explains. “International agencies have recently warned that more mid- and small-sized businesses are being targeted and this is borne out in this year’s report.”
References
[2] https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-le-processing/penalties/
