Cyber-attack hike prompts rising risk fears

There are dire warnings over the rising scale of cyber-attacks in the UK and USA as the indirect costs of the attacks outstrip the direct financial impacts.

Global intelligence and cyber security consultancy S-RM has published its 2022 Cyber Security Insights Report, which examines the specific cyber security challenges faced by C-suite leaders and senior IT decision makers across the globe.

Drawing on data from 600 C-suite and IT budget holders from organisations with a revenue over $500 million, the report found that 75% of senior IT leaders reported having experienced a serious cyber-attack in the past three years, up from just 60% of respondents in 2021, and a 25% increase overall. US businesses were slightly more likely to experience a serious cyber-attack (77%) compared to their UK peers (73%), though both markets saw an increase in attacks in 2022.

Jamie Smith, director at S-RM, said: “Our latest report shows the sheer scale of serious cyber-attacks on businesses in the UK and the US, with three in four businesses affected in the last three years. This is a growing problem and one with serious ramifications for affected organisations. Instances of data theft, ransomware, fraud, cryptojacking, and other attacks all increased this year, causing significant financial damage.”

The report also examined the damage caused by these attacks, which averaged nearly $3.4 million (£3 million). Respondents reported an average direct loss from a serious cyber incident of $1.5 million, a figure that doesn’t take into account an incident’s long-term fallout, which can cause businesses further financial damage. According to the report, indirect losses, such as reputational damage or ransoms paid by an insurer, were often more costly than the initial incident itself, averaging $1.87 million. These indirect costs were slightly higher amongst UK IT leaders ($1.95 million) than US senior IT leaders ($1.79 million).

The most common impacts of cyber incidents across this period were the result of operational downtime (reported by 40% of respondents), increased insurance premiums (36%), reputational damage (34%), and legal costs (34%).

Smith concluded: “Often businesses will focus on the direct financial impact of a cyber incident, but the indirect impact can be even higher and far more difficult for them to accurately quantify. This is part of the reason why an effective incident response plan and relevant training is so important. The right plan can minimise the secondary impact of attacks, help to limit reputational damage, aid recovery, and minimise costly downtime.

“As the cyber threat continues to grow, investment in the right planning and expertise will become an even more crucial risk management necessity.”