From organizations paying massive noncompliance fines to consumers shunning companies they perceive as insecure, we’ll break down the impact of cyber attacks on businesses and individuals from businesses’ and consumers’ perspectives.
Hardly a day goes by without a new cyber attack or data breach making headlines in the press. It shouldn’t come as a surprise that cyber attacks on businesses (and the data breaches that typically follow) wreak havoc on the targeted organizations and their consumers. But what kinds of negative impacts or effects do these acts of aggression have on their targets and their targets’ stakeholders?
Let’s dig into the data and look at 12 of the top negative effects cyber attacks have on businesses and individuals.
Let’s hash it out.
A Look at the Effects of Cyber Attacks and Data Breaches on Businesses
1. Organizations Globally Have to “Dig Deep” as They Continually Battle Rising Breach Costs
As has been the case for many years, businesses and organizations in the U.S. continue to face the highest data breach costs globally. Data from IBM’s 2022 Cost of a Data Breach (CODB) report (conducted by Ponemon Institute) shows that U.S. organizations are being slammed with an average data breach cost of $9.44 million per incident. This is more than double the average cost when compared to the rest of the global community ($4.35 million).
Let’s compare this to previous years…
Data source: The data used to create this graph was gathered from IBM and Ponemon Institute’s Cost of a Data Breach reports from 2018-2022.
Of course, there are plenty of other direct and indirect costs and effects of cyber attacks and data breaches to consider…
2. Lost Business Opportunities Cost Organizations an Average of $1.52 Million
Data from IBM’s 2022 Cost of a Data Breach (CODB) report shows that while it’s not the leading data breach cost factor, lost business still costs organizations a pretty penny annually. This category of data breach costs includes the effects and activities relating to:
- Business disruptions
- Lost or damaged reputation
- Revenue losses
- Attempts to minimize customer losses, and
- New customer acquisitions (to replace those lost)
As we’ll address a little later in the article, these hits take a toll on organizations by helping consumers determine where they do (and don’t) want to spend their money.
3. 76% of Organizations Experienced Downtime Due to Cyber Attacks and Other Issues
Yikes. As Acronis reports in its Cyber Protection Week Global Report 2022, more than three-quarters of surveyed organizations faced downtime in the last year for at least one of several reasons:
- System crashes (52%)
- Human error (42%)
- Cyber attacks (36%)
- Insider attacks (20%)
To put this in perspective, this represents a 25% increase over the numbers reported in their previous year’s report.
But what are some of the most common, specific causes of downtime or outages for your network, IT systems, or website?
- Ransomware attacks
- Distributed denial of service attacks (DDoS attacks)
4. Effects of Data Breaches Extend to Companies’ Stock Market Performance
Another one of the negative effects of cyber attacks and data breaches on businesses can be seen on Wallstreet. In 2021, Comparitech analyzed the stock performance and share prices of 34 breached companies that were listed on the New York Stock Exchange (NYSE), which experienced a total of 40 breaches. What they discovered was that breached companies underperformed compared to the NASDAQ (using its performance as the baseline). The companies’ average share prices fell:
- 8.6% after one year.
- 11.3% after two years.
- 15.6% after three years.
5. Organizations Must Increasingly Look Inward as 19% of Data Breaches Involve Insiders
It’s common sense that organizations should be doing all they can to protect their IT systems and data from external threats. After all, Verizon’s 2023 Data Breach Investigations Report (DBIR) shows that 83% of data breaches resulted from external actors. However, that doesn’t mean organizations can be complacent about internal threats (i.e., intentionally malicious users and unintentional situations [read “oops”]), which are involved in nearly one of every five analyzed data breaches.
External threat actors can blackmail or manipulate employees into doing things they don’t want to do. But in some cases, your employees may just choose to “color outside the lines” and do bad things for whatever reason — money, revenge, or maybe just because they can. Knowing this, regardless of the “why,” organizations increasingly need to monitor and improve their day-to-day security management strategies and practices. This includes:
- Utilizing best-in-class network and website security tools,
- Providing regular, mandatory cyber security awareness training.
6. Cyber Attacks Further Burden Businesses’ Taxed Supply Chains
Data source: A joint cyber security advisory from the Federal Bureau of Investigation (FBI), Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA).
It’s no secret that we’re living in a time of food shortages and supply chain issues, following the past few years of COVID-19 global restrictions and ongoing economic crises. But did you know that cyber attackers are, in part, contributing to this problem?
In December 2022, an alphabet soup of several federal agencies (FBI, FDA OCI, and USDA) released a joint cybersecurity advisory that details how cybercriminals are using business email compromise (BEC) scams to steal valuable food products and ingredients. The report listed more than $1 million in reported losses to suppliers and distributors.
As you can imagine, the affected businesses aren’t going to want to shoulder those costs on their own. So, what ends up happening as a result? I’ll give you one guess…
7. 60% of Organizations Report Raising Their Prices After a Data Breach
As if customers aren’t dealing with enough already with looming inflation and global economic recessions, three in five organizations surveyed in IBM/Ponemon Institute’s CODB 2022 report said they had to pass data breach costs along to customers in the form of higher product and service costs.
So, not only are cybersecurity prevention and response costs already often baked into companies’ existing product and service prices, but now those prices increase when those security mechanisms fail. Unfortunately, this means consumers’ and end-users’ wallets are left to take the hits.
Alright, it’s time to wrap up our list of the negative effects of businesses. It’s time to switch gears and look at things from the perspective of your consumers…
The Impact of Cyber Attacks on Individuals (And How Some Consumers Respond to Them)
By and large, many companies don’t live up to consumers’ expectations when it comes to transparency and providing adequate security for their data. Nearly 60% of consumers surveyed by McKinsey say they believe that companies care more about making money on their personal data than they do about protecting it. As a result, here are some of the impacts and effects cyber attacks have on individuals and what they’re doing about them.
8. Reported Potential Losses for Americans Topped $10.2 Billion in 2022
Earlier this year, the FBI’S Internet Crime Complaint Center (IC3) released its 2022 Internet Crime Report. Although the total number of reported cyber attacks and incidents decreased in 2022 (i.e., 800,944 complaints in 2022 compared to 847,376 the prior year), the potential total losses have skyrocketed to nearly $10.3 billion. This is an increase of nearly 158% over 2021’s $6.9 billion in total reported losses.
To put this in perspective, let’s take a quick look at the total reported losses that were reported to the FBI’s IC3 over the last 10 years. These said losses have jumped from over $525 million (which was already a lot) to more than $10.2 billion:
Image caption: This data on total reported losses was gathered from the FBI IC3’s annual Internet Crime Report documents from 2022, 2019, and 2016.
Something important to keep in mind when reading these gut-wrenching numbers is that this data only represents reported cyber attacks and breaches. It doesn’t include those situations that remain undiscovered and others that don’t get reported.
9. 68% of Consumers Won’t Make Purchases Through Websites They Perceive as Insecure
Data from Axway’s 2022 Global Consumers Survey shows that consumers are making their distrust clear through their wallets. More than two-thirds of the customers surveyed say that an online retailer’s demonstrated lack of personal data security would be enough of a turnoff that they wouldn’t make purchases through their websites.
The Baymard Institute’s 2022 survey data also shows that nearly one in five adult consumers in the U.S. abandon their online shopping carts when they don’t trust websites to protect their credit card information.
10. Consumers Report Prioritizing Companies That Have Digitally Trustworthy Reputations
Interestingly enough, another way that consumers are “voting” with their wallets is by seeking out businesses that are known for having strong reputations regarding customer data and privacy protection. Data from McKinsey shows that, aside from the price, quality, and delivery speed, some of consumers’ top purchase decision considerations are:
- Whether they feel that the company is trustworthy, and
- How much personal data the company requires.
Consumers in the European Union (EU) fall under the General Data Protection Regulation (GDPR), which holds organizations to more stringent data security, privacy, and reporting requirements than most U.S. state laws. (Note: The U.S. doesn’t yet have such a comprehensive federal law.) The regulation requires companies to disclose what information they collect, and how it’ll be collected and used, and requires them to give consumers an opportunity to opt out. It also has stringent data breach reporting requirements and noncompliance fines to discourage companies from “coloring outside the lines.”
Image data source: The data from this graph was calculated using cumulative data from EnforcementTracker.com. (NOTE: 2018 and 2023 numbers include only partial data, as GDPR went into effect midway through the year in 2018 and we’re only part way through 2023 when this article was written.)
This brings us to our next point on what happens when companies violate that trust…
11. 75% of Consumers Won’t Deal With Companies That Have Been Compromised
Three in four respondents in Axway’s 2022 Global Consumers Survey indicate that they would stop doing business with companies that have either fallen prey to cyber attacks or have experienced data breaches.
Customer trust is fragile and should be handled with the utmost care. Research by DigiCert shows what happens when consumers lose their trust or faith in an organization: 84% of consumers will move their business to another company. This means that if their trust in your organization is lost or damaged, your competitors will be there to welcome your customers with open arms.
12. Patients’ Health & Privacy Take a Toll as 89% of Healthcare Organizations Report Attacks
Alright, it’s time to wrap up our list of the negative effects of cyber attacks. Although Malwarebytes reports that half of their surveyed consumers feel more confident in healthcare organizations protecting their sensitive personal data than other organizations, that sentiment isn’t likely to stay positive in the long run.
Cyber attacks on healthcare organizations soared 74% from 2021 to 2022, according to Check Point Software’s latest research. The company’s 2023 Cyber Security Report shared multiple attacks, which resulted in the theft of patients’ records, disruption of care, and medical harm to patients. Nearly nine in 10 healthcare organizations reported experiencing cyber attacks within the previous year.
Some examples of the reported targeted healthcare organizations include:
- CommonSpirit, the second-largest non-profit hospital company in the U.S., reported a ransomware attack between September and October 2022 that affected the IT systems at an unspecified number of its facilities.
- Telnet, a Dallas-based company with hundreds of locations, reported having a “temporary disruption to a subset of acute care operations” due to an unspecified cybersecurity incident in April 2022.
- Three New York hospitals suffered ransomware attacks, knocking out their medical systems for weeks starting in November 2022. One Brooklyn Health’s official notice about the incident affecting its three campuses states that the attack involved unauthorized access to OBH’s computer systems over several months, compromising patients’ personal and medical information.
Final Thoughts on the Effects of Cyber Attacks and Data Breaches
Over the past decade, we’ve seen an immense surge in the types and numbers of cyber attacks and data breaches that have occurred globally. To combat this, companies are investing more in their IT infrastructure, cybersecurity efforts, and employee cyber awareness training programs. But is it enough? While making such improvements is great, many companies’ efforts lag behind the increasing threat levels represented by cybercriminals and unmitigated vulnerabilities and exploits.
And this is especially bad when you consider that businesses are responsible for collecting and processing increasingly more sensitive data — and many do so without the proper processes and security mechanisms in place.
Let’s be frank: consumers are tired of receiving lip service. Companies always talk about the steps they’re taking steps to improve their cybersecurity. But these are the things we should expect the companies that handle our data to do as a minimum. After all, they’re typically required to meet industry cyber security standards and baseline requirements.
But on the consumer’s side of the coin, all we see are increasing increased attacks upon the businesses and organizations we do business with. We’re receiving more and more notices informing us that our personal data has been involved in data breaches. And what are we offered as consolation? Free credit monitoring or insultingly paltry financial settlements (that is, if we’re “lucky” enough to receive anything for our troubles).
The bottom line is that companies need to do more to protect consumer information and other sensitive data. And this responsibility involves everyone within your organization, regardless of their role.
Looking for more cyber attack, cyber security, and data breach-related statistics? Check out the following resources: