How could a cyber attack affect my organization?

Regulatory repercussions. The General Data Protection Regulation took effect in May of 2018. We don’t know yet what fines for the worst offenders will be, but they could amount to 4 percent of global turnover. The regulator could also force companies to suspend business if they aren’t satisfied the proper steps to protect data have been taken.

Loss of business. The June 2017 NotPetya attack aimed at the Ukraine caused material sales impacts for a number of global companies. They were simply collateral damage, the result of perhaps even just one user clicking on malicious links. Maersk has used the experience to warn others. They reported $265 million lost sales in a quarter following a 10-day period where the company was reduced to pen and paper while it reinstalled all of its IT systems.

Share price impact. Breached companies see immediate share price impact and underperform the market in the long term. An analysis by Comparitech of 28 breaches showed that these companies underperformed the Nasdaq by 4.6 percent over the first 14 days and by 11.35 percent over two years.

Lost productivity. Responding to cyber attacks weighs on your company’s performance. Production loss accounts for one-third of a company’s annualized costs due to cyber crime, the 2017 Accenture and Ponemon study found.

Executives are collateral damage. Companies that have suffered major breaches, like Yahoo!, Equifax, Target and Uber, often see the resignations of either their CEO, CISO and/or General Counsel.

Class action lawsuits. These are not limited to the US. We saw a firm threaten a group action suit against British Airways within days of the September 2018 data breach.