A recent McAfee report on the hidden $1 trillion USD cost of cybercrime include the following key findings:
- 96% reported experiencing some kind of cyber incident;
- Two thirds of the companies surveyed experienced some kind of cyber incident in 2019;
- Average interruption to operations was 18 hours;
- Almost all affected companies said the costs went beyond the monetary loss—the biggest non-monetary loss was in productivity and lost work hours.
The report highlights that though the risk of cyber attacks is widely recognized, and a $145bn cybersecurity industry is proof of this, hidden costs are not well understood and include lost opportunities, wasted resources, and damaged staff morale.
The report rightly identifies a number of business disruption-related costs stemming from cyber attacks and the flow through impacts to company financials, including a loss of productivity and loss of work hours. These are some of the factors Cyberhedge has demonstrated adversely impact financials. This is why we see a correlation between poor cyber governance ratings, negative changes in the income statement, cashflow statement and balance sheet and an increased likelihood of a ransomware incident.
Despite the increased recognition of cyber as a primary business risk and financial and economic drag on performance, it is concerning that a majority of organizations do not have plans in place to reduce the impact of breaches on operations according to the survey.
The trillion-dollar figure offers an indication of why cyber has fast become one of the top business risks executives think about and provides source of growing corporate investment in security. While the discussion of the financial and economic cost of operational disruption is much needed, as long as the growth in the cost of cybercrime continues at a swift pace, it is clear that the current approach towards protecting the most valuable asset for most companies is still falling short.