Cost of Cyber Attacks are Skyrocketing

Cost of Cyber Attacks are Skyrocketing
According to a 2011 study by the Ponemon Institute, the cost of cybercrime in the US could range from $1.5 million to $36.5 million annually.
By Sheila Lam, Carol Ko
Features Jun 21st 2012

If your company were hit with a cyber attack today, how much would it cost? The entire bill -- including costs from regulatory fines, potential lawsuits, damage to your organization's brand, and hardware/software repair, recovery and protection?

It's a question you can't ignore, as the costs of online attacks are skyrocketing. According to a 2011 study by the Ponemon Institute, the cost of cybercrime in the US could range from $1.5 million to $36.5 million annually. A 2009 study by IT security company McAfee also estimated the cost of cyber crime reaches $1 trillion per year.

"Cyber attacks, often in the form of data breaches and network intrusions, can impact operations, frequently result in lost productivity, legal expenses, third party liabilities, exposed intellectual property, and damage to a firm's reputation," said Marc Breuil, Hong Kong president and CEO for US-based Chartis Insurance.

The ripple-effect in cyber attacks

"Hong Kong businesses are significantly unprepared for cyber risk," added Ian Pollard, Chartis vice president, Asia Pacific. "A corporate risk management framework needs to address exposure of data to attack, yet many risk managers in Hong Kong rarely evaluate cyber-risk."

In August 2011, Hong Kong Exchanges & Clearing, operator of the Hong Kong stock exchange, halted trading for eight companies -- including HSBC, Cathay Pacific, Dah Sing Bank, China Power, and HKEx --after its Web site suffered a malicious attack.

"We know from our research that cyber attacks can cause serious reputational damage," said Breuil. "A recent report suggested that over three-quarters of people would cease working with an organization in the event of a security breach, and the average share price drop in response to notifying the market of a network security breach is 5%."

Gigi Cheah, partner and Asia lead for Technology and Data Privacy, Norton Rose, said "There's an increasing awareness of the need to protect data, whether of individuals or companies, with corresponding strengthening of privacy and security legislation worldwide."

"The penalties imposed by these laws, for failure to adequately safeguard data, are also increasing," said Cheah. "Proposed changes to the EU data protection framework include a maximum penalty of 2% of an offending corporation's global annual turnover."

Source: Computerworld Hong Kong