Devastating Examples of the Consequences of a Cyber-Attack

Cyber crime is one of the fastest-growing threats to industry across the world. 

Last year saw a record-breaking surge in the number of data breaches and cyber-attacks per minute on every target, from small organisations to major corporations.

The cost of cyber crime is set to hit $10.5 trillion (£7.5 trillion) annually by 2025, with organisations paying an average of $25 (£18) per minute due to cyber security breaches. As of 2020, the average cost of a data breach is around $3.86 million (£2.78 million).1

Understanding the cyber threats organisations face, and the devastating repercussions they can have, is crucial to developing an effective cyber security strategy that can help overcome these challenges. 

In this article, we’re going to look at the consequences of a cyber-attack on an organisation, along with relevant examples that highlight the need for robust cyber security solutions. Let’s get started.

Financial implications

The first and most obvious consequence of a successful data breach or cyber-attack is the direct financial implications.

There are a number of possible financial costs associated with a cyber-attack, including: 

  • Compensation: Under data security laws such as General Data Protection Regulation (GDPR), customers impacted by a data breach have the right to claim compensation. Yahoo, which lost $85 million (£61 million) in fines and compensation payouts after 3 billion accounts were breached, is a good example of this.2
  • Investigation Efforts: Cyber security breaches also come with internal costs. Discovering the cause of the breach and preventing the same thing from happening again takes time, money, and sometimes even the hiring of an external cyber security threat analysis team, often at a significant cost. 
  • Legal Fees: If the data breach victim is found to be legally at fault, further losses from legal fees are a potential outcome. For example, after a data breach in 2017, consumer credit reporting agency Equifax paid US financial institutions nearly $2 million (£1.4 million) in legal fees.3
  • Non-Compliance Penalties: As per GDPR, companies found to have failed to comply with data security standards can be fined up to £17.5 million, or 4% of annual global turnover, whichever is greater.4 In 2019, the Capital One bank was fined $80 million (£57 million) for “failure to establish effective risk assessment processes,” and “failure to correct the deficiencies in a timely manner,” after a data breach that affected 100 million people in the US and another 6 million in Canada.5
  • Downtime: Downtime costs, especially in the case of a system locked by a ransomware attack, can be crippling, and linger on well after the attack is resolved in the form of lost business, a reduction in productivity, delayed orders, operational disruption and reputational losses with suppliers and customers. 

Example 

A recent example of the compounding financial losses of a cyber-attack is the 2018 British Airways data breach. 

The airline was found to be processing its data without sufficient protection. As a result, they were at fault when cybercriminals accessed the personal data of approximately 429,612 customers and staff.

British Airways was fined £20 million for not putting in place the required security measures, and the resulting legal settlement could cost as much as £2.4 billion.6 

Along with these financial ramifications, British Airways was also hit with reputational damage. Indeed, the data breach was highlighted as one of the reasons that the airline’s reputation fell to a four year low in 2019.7

Suggested reading: For more on the financial ramifications of a data breach, check out our blog — The Financial Impact of a Data Breach in 2021

New call-to-action

Reputational damage

As the above example of British Airways highlights, even after the direct financial costs of a cyber incident have been resolved, the ensuing reputational damage can continue to cost companies for years to come. 

Given the rising threat of identity theft, and the fact that phishing emails using personal details for authenticity are among the most common vectors for cyber-attacks, poor data protection around personal information can lead to a considerable loss of customer trust. 

This has become an even bigger problem for organisations in recent years, given how fast the news that a data breach has occurred can spread across social media.

A reputation that has taken years, or even decades to build, can be lost in seconds because of a security breach, making it far easier for competitors to tempt customers away.

Example

Returning to the 2017 Equifax data breach, alongside the $575 million in fines and settlements we covered earlier, the company also suffered significant damage to its reputation

Equifax’s Buzz score, a customer reputation metric, fell by a staggering 33 points in the first ten days after the breach was made public.8 

Legal difficulties

Given the massive rise in cyber crime over the last decade, it’s unsurprising that we have seen the introduction of new legislation to cover data protection and responsibility. 

The EU is covered by the GDPR, which replaced the Data Protection Act in the UK on 1st January 2021.

In the US, data protection laws are less cohesive, with the Federal Trade Commission Act operating at the federal level, alongside a number of state-level laws.

What all of this legislation has in common is the ability to fine and even prosecute organisations, along with individual staff members, if they are found to have breached their compliance obligations.

Example

One high profile example of an organisation facing legal problems as a result of a cyber-attack is Adobe. Following a breach in 2013, encrypted customer credit card records and the login data of 38 million users was stolen.9 

After the investigation into the breach was concluded in 2015, Adobe was fined $1.1 million (£794,000), and faced an undisclosed number of lawsuits because the company had violated the Customer Records Act. 

In addition to the direct legal difficulties, Adobe also suffered significant reputational damage and secondary financial losses.

Theft of intellectual property or confidential information

While less common than the consequences we’ve listed above, some cyber-attacks are launched in order to access very specific information. This might include intellectual property or other sensitive information. 

This, in turn, can lead to a loss of competitive advantage, as competitors or other bad actors can gain access to information related to strategies and innovation. The ultimate result of this can be a potential decrease in sales, and therefore lower profit margins. 

Pursuing intellectual property theft or copyright infringement claims can also result in significant legal costs for an organisation. Furthermore, the exposure of confidential information could also contribute towards reputational damage.

Example

In an example of the COVID-19 crisis increasing the volume of cyber crime, state-sponsored hackers from Russia, Iran, China, and North Korea have been accused of targeting pharmaceutical companies, vaccine manufacturers and research groups in an attempt to steal COVID-19 treatment and vaccine production research.10

Protect your organisation

Partnering with market-leading cyber security experts offers organisations of all scales the opportunity to shield themselves from the rising tide of cyber-attacks, and mitigate some of the major consequences associated with data breaches.

Six Degrees delivers mission-critical secure cloud services to major organisations across the UK, and offers a range of cyber security options, including industry-leading endpoint protection, managed detection and response services, end-to-end cyber security compliance guidance and advanced penetration testing.

Our experienced team provides full-coverage threat detection and protection in a scalable and holistic service that helps organisations build a robust defence against cyber threats and their consequences.

Contact us today to find out how Six Degrees can help shield your organisation from a devastating cyber-attack.

Further reading: For more on our cyber security processes at Six Degrees, take a look at our blog — The Six Degrees Approach to Cyber Security

New call-to-action

Subscribe to the newsletter today

Related posts

Want to find out how your cyber security stacks up?

Take our free Cyber Security Maturity Assessment today.