Do you know the total cost of a potential cyber attack to your company?

The average cost of cyber crime to a U.S.-based company, according to a recent Ponemon Institute report, was more than $21 million in 2017.  

Cybersecurity Ventures predicts cyber crime will cost the world at least $6 trillion by 2021. That’s more than double the gross domestic product of France.

What exactly is included in these numbers and what is left out?

Calculating the total cost of cyber crime is a challenge. Damage to data and systems, ransom, embezzlement, attorneys’ fees related to lawsuits, settlement payouts, and loss of productivity should all be part of the calculation. 

But these are tangible costs. 

What about the opportunity cost or damage to brand reputation after a security breach?

There’s no formula to calculate these “below the surface” costs today, according to Ash Raghavan, a principal at Deloitte’s U.S. Advisory practice, who spoke during a Deloitte University Press podcast.

The invisible costs include lost value of customer relationships, loss of intellectual property, and the financial impact of operational disruption.

Due to the complexity of calculating intangible costs, recent efforts to quantify cyber breach loss have focused on tangible costs. IBM has created a data breach calculator, which includes cost factors such as employee training, insurance protection, lost devices, and board level involvement — no intangibles. 

In a like manner, the Ponemon Institute considers business disruption, loss of information, loss of revenue, and damage to equipment in their calculations.

One thing seems obvious. The longer it takes to discover and contain a cyber attack, the higher the total cost. Attacks from malicious code take the longest to resolve, an average of 55 days in 2017.

Every company should be prepared with cyber information management and governance practices. Having a formal information management program, estimates the Ponemon Institute, can reduce the cost of cyber crime by nearly $1 million.

2016 cyber attack resolution time(footnote 2). Malicious insiders 51.5 days. Malicious code 49.6 days. Web-based 25.3 days. Phishing 19.8 days. Denial of service 17.8 days. Stolen devices 13.7 days. Malware 5.6 days. Botnets 2.0 days. Total cost of cyber crime in the U.S. 2013–2016(footnote 1). 2016 $17.36 million. 2015 $15.42 million. 2014 $12.69 million. 2013 $11.56 million.

Six ways to protect yourself and your company online 

Part of a company’s cyber defense relies on its employees. Here’s a short list of tips to keep top of mind. 

View infographic (PDF)

Best practices for a company’s cyber health

Cyber crime is fast-evolving. Are your company’s defenses up to date?

Read about best practices

Data records across industries lost or stolen since 2013: 9,728,017,988

Cyber wars: Trends and recent attacks

Ransomware, bots, hactivism, and more. Find out about the most recent attacks and methods used.

Explore infographic (PDF)

Contact us

For more information, contact your Wells Fargo representative or contact us.