Time is a factor, so it’s time that counts.
Cyberattacks are stressful for IT teams, leading to more work and concerns from the C-suite over security. But for companies and organizations who are the victims of attacks, the cost of a successful attack can be measured in more than just the cash they may have to spend to reclaim their data in ransom attacks. The loss of productivity, the hours (or days) of IT repair, and rising insurance premiums amount to a price that’s difficult to stomach.
The magic number. To Grant Geyer, CSO at Claroty, the increased costs he’s seeing specifically in the OT and IoT spaces are indicative of how cyber-crime can affect the bottom line. The danger of attacks on systems connected to physical infrastructure makes the danger of such ransomware breaches even more problematic, Geyer told IT Brew, because of what it could mean for future costs.
“What really stands out to me in this report is the fact that it’s not just that the companies are being targeted—their cyber physical systems are being targeted,” Geyer said. “And that’s important, because on one end is the network, but on the other end is a valve, or a boiler, or a production line, or a patient. So, there’s the ability to cause damage in the physical world.”
A Claroty survey of 1,100 security professionals worldwide found that 45% saw financial damage of at least $500,000 in the last year from cyberattacks to cyber-physical systems (CPS); 27% reported impacts of $1 million and up. Respondents said that the financial impact came from lost revenue (39%), recovery (35%), and paying employees for their overtime costs to repair or manage the damage.
Tread water. Adding to the complications from cyberattacks is a rise in cyber insurance rates. In a webinar for Egnyte, Plexus Groupe VP Lynn Ambrose said that the cost of breaches to businesses are adding to an existing problem. Ransomware losses of millions of dollars add up to a problem that costs billions of dollars, and companies that aren’t fully protected are taking a risk.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“These threat actors are good—if they find something that sticks, they’re gonna stick with it,” Ambrose said, adding, “it’s really important to make sure that obviously your insurance policy is well-rounded.”
Culprits for attacks were predictable, Claroty found—82% of respondents pointed to third-party vendors as accountable for at least one breach in the last year. As IT Brew has reported, third-party vendors as a source of security weakness have become a cause for concern to IT teams and the C-suite alike over the past year.
“Without being involved in their security processes, you can only hope they are doing it right,” Outpost24 Head of Threat Intelligence Operations Victor Acin told IT Brew in an email this past July.
Much more. At least as predictable were the solutions to the problem. Claroty’s Geyer said that though there’s been “slow yet steady and important progress” on managing the threat surface, there’s still work to be done. That can be seen as an opportunity, he added, one that allows IT teams to make changes.
“The more that that security teams or boards can help shine a spotlight onto challenges that exist, or challenges in peer organizations, it can very quickly move the plant team from a position of ignorance to where they realize that they’re compelled to act, because there’s a risk that they until that point have done nothing about,” Geyer said. “It’s both a huge risk, but also a big opportunity area, framed correctly.”