What is the impact of cybercrime on my company?
Cybercrime is growing as the use of the internet and business networks expands. Today, more than ever, businesses of all sizes rely on their networks, data and internet connectivity to conduct business.
In this three-part series, we look at cybercrime’s impact, how it is perpetrated, and what you can do about it. In this part, we look at the impact of cybercrime on your business.
A cyber attack can cause enormous damage to your organization:
- A cyber attack can lead to direct financial losses (for example, a phishing attack that leads to money being transferred to the hacker), but also to indirect financial losses, caused on the one hand by the cost of resolving the incident as quickly as possible and on the other hand by the potential loss of customers.
- A cyber attack can disrupt computer systems to such an extent that they can no longer support day-to-day business operations. This disruption of business operations will, of course, also have financial consequences.
- A cyber incident negatively impacts the company and can, in the blink of an eye, damage a reputation that has been built up carefully over many years. This damage to reputation will eventually lead to financial losses due to a direct impact on turnover and additional costs incurred in rebuilding the reputation after the incident.
What can happen? The damage caused by a cyber incident can be reduced to the acronym “CIA” (Confidentiality, Integrity and Availability):
- The confidentiality of data can be impaired. Concretely: sensitive information can fall into the wrong hands or into the public domain.
- The integrity of data can be impaired. Concretely: due to incidents (intentional or unintentional), unauthorized modification of data can occur, making it unusable or leading to errors.
- The availability of systems and information can be compromised. Systems can go down and remain unavailable for a long period of time, thus disrupting business operations.
To estimate the potential impact on your own organization, you need to ask yourself what the most critical IT assets of the organization are and what can happen to them as a result of a cyber incident.
A couple of examples:
- In a hospital, the medical patient file is the most critical asset. If unauthorized persons gain access to it, the patients could suffer serious damage. Consider, for example, the medical file of a well-known person, which is leaked to the press.
- In a technology company (e.g. biotech or IT tech), the principal asset is often its Intellectual Property (IP). If this were to be stolen, the company’s entire competitive advantage could be lost. In this way, many business secrets have already ended up in the wrong hands.
- In a production company, the production systems are often the most critical, while in a logistics company, it is the logistics systems. If these systems go down, it can lead to interruptions of the production lines and the supply chain.
- In a retail or B2C company, consumer information is critical, all the more so when profiling consumer behavior is performed or when payment data is stored.
These are the principal IT assets (systems and information) that need to be secured to avoid incidents. And when incidents do happen, good recovery plans and incident response procedures need to be in place to reduce the impact. IT is often not fully aware of which systems are the most critical from the business point of view. This exercise should therefore be carried out jointly by business and IT.
In the next article, we look at the types of cybercrime and how they are perpetrated.