With cybercrime rates on the rise, and a hack estimated to occur every 39 seconds, the long-term impact of cybersecurity incidents is still being understood. However, in 2021 alone, the worlds’ top brands stand to lose between $93 billion and $223 billion from data breaches, according to a new study from Interbrand and Infosys. This number represents anywhere from 4 to 9.6% of their cumulative value at risk due to weak cybersecurity.
These figures are a drop in the bucket, however, when reflecting on the overall amount at stake in the US economy and abroad due to cybersecurity incidents. 60% of cybercrime is found to target small businesses. For a smaller brand, security breaches can be even more destructive than they are for a company with vast resources, since the average data breach costs around $150 per record lost.
The economics of cybersecurity incidents
Cybersecurity incidents are obviously unfortunate, but they can also take a larger toll on brands than may be instantly clear. The damage done by cybersecurity breaches can be broken down into three categories:
- Direct costs – Direct costs are the immediate financial consequences of a security incident on a business. They can often be quantified in a dollar amount.
- Indirect costs – These can best be categorized as lost resources spent navigating the breach, which could have been better spent on other projects.
- Hidden costs – Hidden costs are a third and expansive category of lost revenue. They may include the future need to invest in technological upgrades as a result of the initial breach.
Five impacts of cybersecurity breaches on brands
Of these three categories of economic expenses, there are five main impacts usually tied to cybersecurity breaches:
- Loss of revenue – Data breaches can have immediate and very visible costs. 29% of businesses that undergo data breaches also end up losing out on revenue. Of those, 38% saw a loss that was greater than one-fifth of their overall revenue.
- Erosion of consumer trust – Long term brand reputation is at stake when a data breach becomes public knowledge.
- Loss of intellectual property – The loss of intellectual property, including blueprints and emails, can compromise a brand’s competitiveness moving forwards.
- Legal fees and other hidden costs – Regulatory fines, legal fees, and the cost to modernize outdated cybersecurity systems are all examples of unexpected additional costs associated with data breaches.
- Loss of time repairing damage – Cybersecurity threats don’t only compromise consumers whose information is stolen. Hackers may also vandalize or take down web pages or other company cyberproperty.
Brand value and cybersecurity
A recent Sandia Labs study confirmed that one of the main indirect costs associated with cybersecurity incidents is a loss of brand value. This finding is especially important as it affects not only a business’ current activities, but also imposes limits on the future value associated with a company’s brand. Brand value is quantified as the sum of a company’s current income, future predicted income, reputation, and market value.
The Sandia study examined, among other incidents, the notable 2008 data breach associated with the South Korea based e-commerce giant Auction Co. A large-scale hack resulted in not only customer financial information being stolen, but also personally identifiable information such as addresses, phone numbers, email addresses, bank account information, and activity logs for nearly 18 million users. In the aftermath, negative customer responses were not limited to those whose personal information was breached. Users left the platform in droves, regardless of whether or not they were sure that their own data had been accessed. This kind of negative consumer response is illustrative of the kind of lasting indirect cost associated with a cybersecurity incident.
Trends in consumer trust and cybersecurity incidents
As businesses transition more and more of their activity to take place online, ensuring data security has become not only a key internal concern, but also increasingly necessary to guarantee the best possible consumer experience. The connection between brand value and data privacy has become impossible to ignore in recent years, with 92% of consumers surveyed by PwC concerned about how companies manage data protection. Importantly, 64% of Americans say that in a data breach, they would blame the company – and not the hacker – for their loss of privacy. This illustrates the onus that has been placed on companies when it comes to ensuring data privacy and cybersecurity.
While it may seem like a commitment to prioritize cybersecurity, the return on investment tends to be high. 84% of consumers say that they are more loyal to companies with strong security controls. Additionally, the average company reports seeing up to $2.70 in associated benefits for every dollar spent on privacy investments.
Overall impact report of cybersecurity incidents
No matter the size of the company, the consequences of a cybersecurity incident are far-reaching and can be devastating for a brand’s immediate revenue as well as future value. By contrast, the returns on investing in heightened data security and privacy tend to be both high and highly valued, by consumers and companies alike.