Do leaders accurately gauge the impact a cyberattack can have on their organization? Do common assumptions about the costs and recovery process associated with data breaches paint a clear picture? This paper considers—in financial terms—the broad and extended business impact of cyberattacks, including both direct and intangible costs.
Assumptions can be misleading
Common perceptions about the impact of a cyberattack are typically shaped by what companies are required to report publicly—primarily theft of personally identifiable information (PII), payment data, and personal health information (PHI). Discussions often focus on costs related to customer notification, credit monitoring, and the possibility of legal judgments or regulatory penalties. But especially when PII theft isn’t an attacker’s only objective, the impacts can be even more far-reaching.