The bottom line: What is the cost of being hacked?

How can a business calculate the cost of being hacked? An industry expert gives the lowdown.

A spyware campaign using tools from a secretive Israeli firm was used to attack and impersonate dozens of human rights activists, journalists and others. — Photo: © AFP

How can a business critically appraise the cost of falling victim to a cyberattack? Assessing the financial impact is not straightforward, and the cost profile extends beyond the immediate pain points.

Hacking, especially in the form of ransomware, causes long-term pain and delays day-to-day operations, disrupting whatever goods or services a particular firm specialises in. It also costs additional money should a firm pay out, and brings a new round of costs should the firm wish to build up its cybersecurity defenses.

Data collated by the security firm Cloudian shows that despite a seemingly robust approach to cybersecurity education and training being in place within many firms, 65 percent of victims penetrated by phishing had actually conducted anti-phishing training.

It is perhaps, therefore, unsurprising that traditional ransomware defenses are failing, with 54 percent of all victims having anti-phishing training and 49 percent having perimeter defenses in place at the time of attack. Of the key areas of vulnerability, research finds that the public cloud was the most common point of entry for ransomware, with 31 percent of survey respondents being attacked this way.

In terms of how successful these forms of attack are, the answer appears to be ‘very’. Data reveals that 56 percent of firms have reported that attackers were able to take control of their data and demand ransom within just 12 hours, and another 30 percent said this happened within 24 hours.

The attacks are devastating too. More than half of those surveyed said the attacks significantly impacted their financials, operations, employees, customers and reputation. As an idea of the financial impact, the average ransom payment in 2021 was $223,000, with 14 percent of victims who were prepared to provide details paying $500,000 or more.

The cost of ransomware does not stop with the pay-out since many firms want a robust solution to prevent recurrence. Cloudian survey data finds that companies spent an average of $183,000 more for other costs resulting from an attack.

Turning to insurance to help cover these costs is not necessarily going to fill the gap. Cyber insurance covered only about 60 percent of ransomware payments and other costs, presumably reflecting deductibles and coverage caps.

Is paying out a ransom worthwhile? Not in all cases, for sure. Despite paying the ransom, only 57 percent of impacted companies reported that they got all their data back. With all these issues factored in, the cost of a ransomware incident is very high.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
