As recently as today, Fedex was stating that many of its overseas deliveries are still being impacted by last month's cyber-attacks. According to a Lloyd’s Report (Closing the Gap) the long term impacts of a cyber-attack on a business are being underestimated.
Key Findings of this report were:
The types of cyber-attacks against businesses vary from sector to sector and are constantly evolving. For example:
– There has been a major growth in targeting companies through CEO fraud, which is resulting in significant financial losses.
– The financial services sector finds itself at the sharp end of targeted attacks by organized cyber-crime but retail is increasingly being targeted.
– Professional services firms such as lawyers and accountants are increasingly targeted as a gateway to attacks on their clients, which are often large corporates.
– Ransomware and distributed denial-of-service attacks are increasingly used against businesses with healthcare, and media and entertainment particularly targeted.
– The public sector and telecommunications sectors are highly susceptible to espionage-focused cyber-attacks.
Businesses need to be aware of the full costs of a cyber-attack, in particular, the “slow-burn” costs (i.e. those associated with the long-term impacts of a cyber-attack, such as the loss of competitive advantage and customer churn). When added to immediate costs (i.e. legal and forensic investigation fees, and extortion pay outs), slow burn costs can dramatically increase the final bill.
There are four factors that aggravate the damage caused by cyber-attacks, making it all the more important that businesses mitigate their cyber risks and improve their cyber security:
1. Higher penalties for companies that breach cyber-security rules as set out in forthcoming European legislation.
2. Cyber-breach victims’ greater willingness to sue companies that have lost their data.
3. Increased responsibility for cyber security in the supply chain.