The true cost of a cyber breach

All too often, implementing cybersecurity measures comes down to a simple question for many organisations: “This solution will cost us £x, but how much would a cyber breach really cost us? Is it financially worth it?”. This reasoning is completely understandable – after all, building a business case is imperative for any new venture, technology, or service that an organisation looks to implement to ensure return on investment.  

But when it comes to cybersecurity, it gets a little bit trickier, as it is sometimes hard to articulate what the actual financial implications of a breach would be for your organisation. Researching online, you’ll find many different reports claiming to have worked out the “true cost” of a cyber breach.

Take for example the IBM Cost of a Data Breach Report 2023. For an organisation of <500 employees, they reported the average cost of a cyber breach in 2023 being $3.31m.

If you compare this to the UK Cyber Breaches Survey 2023, their reported average cost to a medium-large business in 2023 was around £15.8k.

These two reports, aiming to achieve the same outcome, have arrived at significantly different results! It is worth noting that both surveys were run against very different datasets: the IBM report surveyed around 550 global organisations of various (but assumed larger) sizes known to have suffered a material breach, whereas the UK Government survey targeted around 2,250 UK organisations, of which over half were micro businesses (<10 employees) and only 32% had actually experienced a cyber breach.

The problem is, a cyber breach can take many different forms, and the more serious the breach, the more damage it can cause to your organisation.

For example, a phishing attack resulting in the breach of a finance employee’s email account to intercept invoices going out to clients might result in the loss of a few hundred pounds, or several thousand pounds, depending on what services you are providing.


A ransomware attack which results in the encryption of critical business data might only cause a day of interruption if the organisation is cloud based and has segregated backups, but it could cause days or weeks of interruption if the organisation has a complex IT estate or lacks suitable backups.

Although it is difficult to identify a simple or generic cost of a cyber breach, it is worth exploring what the impact of different types of breach could be and assessing each against your particular organisation to help articulate the potential costs.

What are some of the potential impacts of a cyber breach?

Data Loss

Includes the theft or destruction of:

  • Customer PII – sensitive records that uniquely identify a customer, e.g. a payment system record with the customer’s name and credit card details.
  • Employee PII – sensitive records that uniquely identify an employee, e.g. an HR record with the employee’s name and their medical history.
  • Intellectual Property – proprietary software, designs, plans etc. which are sensitive to competitors.
  • Other corporate data.

Financial impact: Any theft of customer or employee PII could result in a fine from the Information Commissioner’s Office (ICO) in the UK if it finds that you haven’t taken reasonable steps to safeguard your employees’ and customers’ data. One example is the 2022 monetary penalty of £98k imposed on Tuckers Solicitors, who were compromised through a cyber breach that resulted in sensitive client data being leaked to the dark web.

Disruption to business services and cost of recovery:

During a ransomware attack, expect significant prolonged downtime of systems, essentially paralysing your business. This obviously has a potentially significant effect on your ability to continue to offer services to customers. A solid disaster recovery plan and backup strategy make all the difference during attacks like these, so investment in these is vital.

Recovery from attacks can also be lengthy and costly. Take for example the ransomware attack on the British Library in October 2023: at the time of writing this report, work was still underway to restore full business operations, 5 months after the initial attack.

Financial impact: How much would your business lose out on if you could not operate or serve clients for 1 day? How about 1 week, or 1 month? Depending on your business, a complete IT outage could result in lost revenue or damaging disruption to clients for a sustained period. It could even take months to fully recover. For small companies, this could mean they cease to operate. Furthermore, rushed investment in further protections after a breach can be more costly than putting in place the preventative measures that would have stopped the attack in the first place.

Damage to reputation:

A breach involving customer data must by law be disclosed to the ICO within 72 hours, and to impacted customers without undue delay. This can heavily damage the reputation of your organisation for failing to safeguard customers’ sensitive data, resulting in potential lost revenue.

Financial impact: Take for example the IT service provider Kaseya, who suffered a ransomware breach in 2021 which impacted the systems of over 1,000 other organisations using their software. If you type “Kaseya” into Google, results number 4 and 5 reference articles about their cyber breach, and Kaseya has a “black mark” against them as a provider in the Managed Service Provider community. The loss of potential revenue is incalculable.

In summary, it is really important that you consider the various ways your organisation could be impacted by a cyber breach and how much this could cost you in terms of loss of revenue, cost of recovery, and the long-term effects of reputation damage. Following on from this, investment in the right technology proportional to your business is needed to provide adequate protection from cyber-attacks.

It is not acceptable to assume “it will never happen to us”; with devices being attacked on average 2,244 times a day, a successful cyber-attack against your organisation is inevitable. What isn’t inevitable is how your organisation fares after the event – this is called “cyber resilience”.

Investing in your organisation’s cyber resilience is of paramount importance. The more protections you put in place, and the more recovery options available to you, the better your organisation will recover following an attack. Here at ramsac, we can help you assess your organisation’s cyber resilience through our “Cyber Resilience Certification” or comprehensive cyber audits.


Safeguarding your organisation against cyber threats has become increasingly vital, and assessing where you currently are is the first step to security. Find out which 10 questions you should be asking yourself about Cyber Resilience.
