Understanding the full cost of cyber security breaches

Abstract

Media reports regularly highlight organisations that have experienced costly cyber attacks or other cyber security breaches. Such breaches can have far-reaching and long-running impacts, compromising systems and data, impacting relationships with customers, suppliers and partners, and in extreme situations becoming existential threats. As an example of the potentially significant costs involved, the cyber attack on TalkTalk, the UK telecommunications company, in 2016, is estimated to have cost up to £60m. 1 When organisations are breached, many will recognise that they have been impacted in some way. But new research suggests that organisations rarely understand the full cost. Steven Furnell of the University of Nottingham and Harry Heyburn, Andrew Whitehead and Jayesh Navin Shah at Ipsos MORI examine the range of potential direct and indirect costs organisations can incur, and the varying timeframes over which these costs come to light. And they offer a data collection tool that can support organisations to fully capture the cost of breaches.