The losses from cyber-crime are expected to increase to $2 trillion dollars by 2019.
For many businesses, organizations and individuals this level of losses will seriously impact their bottom line and in some cases will be disastrous.
Businesses most at risk are SMEs and professional services businesses, especially micro-businesses of 1-50 employees.
Many small businesses collapse after successful cyber-attack. Around 60% of SMEs close within 6 months of a major cyber-attack. Larger businesses may simply have their competitiveness reduced to the advantage of their competitors.
Typical cyber-crime attacks
Cyber-crime has several sides to it, including :
- Simple financial theft: e.g. though a business's bank passwords
- Property theft: e.g. where access to a companies IT can facilitate stealing products
- Blackmail: e.g. through ransom-ware, where a business has to pay a fee to buy a key to unlock its computer files
- Theft of intellectual property: e.g. information about how to make or do something that a business has kept secret
- Competitive advantage: e.g. theft of critical confidential information of use to competitors
- Political: e.g. gaining confidential organizational information for political ends
- Intelligence gathering: e.g. identifying where yours or your clients valuable resources are and pathways to access them.
A single cyber-attack can be intended to commit multiple crimes in different areas of your business. Multiple cyber-attacks can be combined.
Types of Business Losses from Cyber-Crime
Cyber-risks can result in significant losses, and these can be very varied:
- Direct immediate financial losses (e.g. theft of money or products, damage to ability to do business,
- Loss of confidentiality of information leading to subsequent losses (e.g. confidential client information of (say) financial planners, lawyers, doctors...)
- Loss of credibility leading to subsequent business losses (e.g.
- Loss of key staff (e.g. confidentiality on person movements in businesses operating in high-risk environments)
- Legal penalties for loss of customer data (e.g. in EU current penalty is 4% of turnover)
Take Aways for Managers
- The financial consequences of cyber-crime losses on businesses are large and almost all businesses are targets (especially SMEs).
- There are many different types of cyber-attacks and cyber-crimes your business can be subjected to.
- There are many kinds of losses that can result from a cyber attack
- Cyber-attacks can be combined to create different kinds of losses in your business.
- Management decisions can minimise business losses from cyber-crimes (e.g. by segregating information so that a cyber-attack does not get everything).
Dr Terence Love
Design Out Crime and CPTED Centre
Resources - Cyber-losses