Think your company “can’t afford” cyber security? How much will a cyber attack cost?
Cost is arguably the biggest impediment to robust, proactive cyber security at small and medium-sized businesses (SMBs). SMBs are aware of the need to secure their systems and data, but when presented with a solution, the costs may give them pause. Some of them think that hackers are interested only in attacking large firms, and that their own companies are too small to warrant the investment.
The reality is that hackers find SMBs to be very attractive targets because they know these small firms may not have comprehensive cyber security defenses. Additionally, many SMBs sell services to large companies, and hackers frequently use these third-party vendors as backdoors into their primary targets. Verizon estimates that 58% of SMBs have fallen victim to a cyber attack, and stratospheric cyber attack remediation costs mean that these companies have a lot more to lose than multinational corporations.
Small businesses face big cyber attack costs
While cyber attack costs take a large bite out of multinationals, they can swallow SMBs whole. According to the Ponemon Institute, cyber attacks cost SMBs an average of over $2.2 million. Cleanup costs account for about half of that, and business disruption accounts for the other half. It’s important to understand that $2.2 million is an average figure. Your company’s remediation costs could be higher, particularly if you do business in a highly regulated industry, such as healthcare or finance. The healthcare industry faces the highest per-record data breach cost, at $408 per compromised record, nearly three times the average of $148.
In addition to direct remediation costs, such as repairs to systems and hardware, businesses may also face a litany of indirect remediation costs, including:
- Regulatory or industry fines for compliance violations.
- Civil lawsuits from customers, business partners, or both.
- Higher cyber insurance premiums.
- Higher fees from payment processors, if the cyber attack causes your customers to file a significant number of credit card chargebacks.
- Customer refunds and incentives, such as credit monitoring.
- Lost sales and business opportunities.
These cyber attack costs are magnified if your company must temporarily suspend operations after a cyber incident. In addition to footing the direct and indirect costs of cyber attack remediation, your business must still pay everyday operational costs, such as rent, utilities, insurance, and payroll – and all of this while no money is coming in. If that sounds like a perfect (cyber) storm, that’s because it is; the U.S. National Cyber Security Alliance estimates that 60% of small businesses go under within six months of suffering a cyber attack.
Proactive cyber security doesn’t have to cost a fortune
Solid integrated risk management (IRM) and governance, risk, and compliance (GRC) practices reduce the risk of cyber attacks, and automating IRM and GRC processes allows companies to save money and time without sacrificing efficacy. Continuum GRC’s proprietary IT Audit Machine (ITAM) is a cloud-based, self-service IRM and GRC solution that will help you document and analyze cyber risks, develop mitigation plans, define controls, and manage ongoing risk assessments, with clear visibility into key risk indicators, assessment results, and compliance initiatives.
The risks are dire. It’s not cyber security that SMBs cannot afford; it’s cyber attack remediation costs.
The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.