A Deeper Look at the Financial Impact of Cyber Attacks

As large-scale instances of data theft — including theft of credit card records and personally identifiable information (PII) — are becoming more frequent, corporate executives and financial leaders are giving greater attention to the “cost” of cyber breaches. Are they looking at the breach, which typically categorizes data theft, or are they addressing “cost” as it relates to the entirety of the impact of a cyber incident to the enterprise?

Emily MossburgCyber incidents are becoming so widespread that some of the associated costs are fairly well anticipated, and are increasingly accepted as part of the risk of doing business. Direct costs can include those associated with customer notification, post-breach assurance programs, regulatory fines, public relations, technical analysis and remediation, and litigation, to name a few of the obvious.

Recognizing the growing cyber threat landscape, many finance and risk officers are responding by increasing budget allocations for IT security programs and investing in cyber insurance. While these commitments may be necessary to improve protection against certain kinds of losses, if made in the absence of a more comprehensive cyber risk program, they can leave an organization unwittingly exposed to far more consequential financial damage...