The report, ‘The Hidden Costs of Cybercrime‘, conducted by McAfee in partnership with the Center for Strategic and International Studies (CSIS), also found that 92% of organisations felt effects beyond financial losses as a result of cyber crime.
Two-thirds of respondents cited system downtime as a common experience, while 33% stated that IT security incidents resulting in system downtime cost them between $100,000 and $500,000.
System downtime was also found to result in an average of nine working hours a week, leading to reduced efficiency, while the average interruption to operations was 18 hours.
Elsewhere in the report, moving from discovery of an incident to remediation took most organisations 19 hours. While many security incidents can be managed in-house, major incidents can often require external consults with high rates, which form a significant portion of the cost of a large-scale incident.
In addition, cyber crime is known to damage reputation and trust from customers; 26% of respondentsidentified damage to brand from the downtime experienced because of a cyber attack.
A lack of preparation
Alongside these effects on organisations, the McAfee study found that organisation-wide understanding of cyber risk is widely lacking, with 56% of surveyed companies admitting to not having a plan to both prevent and respond to a cyber incident.
Out of those that did have such a strategy in place, only 32% said this was effective. Insufficient or non-existent incident prevention strategies can make companies and agents vulnerable to sophisticated social engineering tactics, and lead to users not realising they have been hacked.
Key ways to combat cyber crime that were recommended by McAfee included:
- uniform implementation of basic security measures;
- increased transparency by organisations and governments
- standardisation and coordination of cyber security requirements;
- providing cyber security awareness training for employees;
- developing prevention and response plans.
Forrester releases privacy and cyber security predictions for 2021
“The severity and frequency of cyber attacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said Steve Grobman, senior vice-president and CTO at McAfee.
“While industry and government are aware of the financial and national security implications of cyber attacks, unplanned downtime, the cost of investigating breaches and disruption to productivity represent less appreciated high impact costs.
“We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents, given the 100s of billions of dollars of global financial impact.”
1,500 IT and line of business decision makers across the US, Canada, the UK, France, Germany, Australia and Japan, from organisations with 1,000 or more employees, were surveyed for the study between April and June 2020.