We have looked at the types of cyber threat that an organisation or an individual would face. In this section we examine the scale of the threats, their financial cost and the impact they could have on an organisation. Estimates of the cost of cyber attacks to businesses vary, with ENISA identifying costs that vary from $474,000 to $22,000,000 per company per year.
The NCSC (National Cyber Security Centre) and the UK government carry out an annual survey of cyber security incidents, which gives some insight into how UK organisations are affected.
Headline Figures
According to the NCSC, over 2/5 of businesses suffered some form of cyber attack in 2017, with most organisations experiencing approximately 6 attacks in a year. However, some organisations experienced tens of thousands of cyber attacks during the same period.
It is interesting to note that organisations are more likely to face intentional breaches, with only 25% reporting that their most disruptive security incident was accidental.
The most common causes of these cyber attacks were phishing and social engineering, with 75% of the organisations surveyed reporting this form of attack. Interestingly, around 30% of organisations also reported being impersonated by attackers, either in emails or through a website.
There was a fall in the number of virus, spyware or malware infections, with only 25% of organisations reporting this. However, ransomware attacks were reported separately, with around 15% of all organisations reporting that a ransomware attempt was made.
Cost
The average cost to businesses was £3,100 for each cyber attack experienced. This may seem low compared to the headline figures from ENISA, but this figure is based on individual breaches, whereas the ENISA study quotes yearly figures.
Links
NCSC Report
https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2018
ENISA Report
https://www.enisa.europa.eu/publications/the-cost-of-incidents-affecting-ciis/