The Impact of operational disruption or destruction is a highly variable cost category that includes losses tied to manipulation or alteration of normal business operations and costs associated with rebuilding operational capabilities. Operational disruption or destruction.It was observed that, in the short term, the credit-rating agencies typically downgrade by one level companies that have experienced a cyber incident. Deloitte analyzed the credit rating of nine public companies (from the same industry and comparable in size) and observed an average Standard & Poor’s credit rating of A, and assessed these companies against companies that had recently suffered a cyber incident. Organizations appear to be perceived as higher-risk borrowers during the months following a cyber incident. Increased cost to raise debt occurs when, as a result of a drop in credit rating, the victim organization faces higher interest rates for borrowed capital, either when raising debt or when renegotiating existing debt. Deloitte conducted informal research among leading providers of cyber insurance and found that it is not uncommon for a policyholder to face a 200 percent increase in premiums for the same coverage, or possibly even be denied coverage until stringent conditions are met following a cyber incident.* According to our sources, factors that influence future costs may include: a willingness and depth of information provided by the policyholder upon review of the incident the policyholder’s plans to improve incident handling or other aspects of its security program anticipated litigation and assumptions concerning the company’s level of cybersecurity “maturity.” There is little public data available on actual premium increases following cyberattacks. Insurance premium increases are the additional costs an insured entity might incur to purchase or renew cyber risk insurance policies following a cyber incident. Given that impact, CFOs should be aware of the following seven hidden costs: In fact, in Deloitte’s scenarios, they accounted for less than 5 percent of the total business impact. And the research showed that the direct costs commonly associated with data breaches were far less significant than the “hidden” costs. For the intangible costs, various financial modeling techniques were used to estimate the damage (see “Assigning value to intangible losses”). Overall, the cyber report identified 14 business impacts of a cyber incident as they play out over a five-year incident response process-seven direct and seven hidden costs. A new Deloitte Advisory study, “ Beneath the surface of a cyberattack: A deeper look at business impacts,” recently outlined the depth and duration of cyber incidents in financial terms.² In this issue of CFO Insights, we’ll focus on seven costs that are not so apparent and why it is important to include them in calculating the total cost of a cyberattack. Beneath the surface, these attacks can have a much more significant impact on organizations and lead to additional costs that are both more difficult to quantify and often hidden from public view. Rarely brought into full view, however, are cases of intellectual property (IP) theft, espionage, data destruction, attacks on core operations, or attempts to disable critical infrastructure. And thanks to important work done in this area, the industry is generally converging on the calculation of a “cost per record” for consumer data breaches.¹ Discussions tend to focus on costs related to customer notification, credit monitoring, and the possibility of legal judgments or regulatory penalties. There are many ways a cyberattack can affect-and cost-an organization, and the impacts will vary depending on the nature and severity of the event.Ĭommon perceptions, however, are mostly shaped by what companies are required to report publicly-primarily theft of personally identifiable information (PII), payment data, and personal health information (PHI).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |