How much can your organization afford to pay to end a cyberattack? How long can it last with operations shut down? What if the amount you pay represents just 5% of the total financial impact to your business for years to come and the balance isn’t covered by insurance?

Yes, it all sounds a bit hysterical and for good reason. The frequency and cost of cyberattacks are increasing rapidly. It’s estimated that a cyberattack occurs every 11 seconds, at an average cost of $22 million in 2022. According to Cybersecurity Ventures, global cybercrime costs will reach $6 trillion this year and $10.5 trillion in 2025. That doesn’t even get into the $170 billion companies are spending to defend operations against attacks.

You may think that because your business is small, it’s not worth a cyber criminal’s time – think again.

Manufacturers are among the most vulnerable because of their reliance on digital technology and the internet. While they’ve flown under the radar because of more lucrative targets like financial and institutions and insurance companies, a recent report by IBM identified manufacturing as the most targeted industry for cyberattacks in 2021. Almost one in four cyberattacks targets a manufacturer.

As TechTarget notes, “Cybercrime can affect a business for years after the initial attack occurs. The costs associated with cyberattacks — lawsuits, insurance rate hikes, criminal investigations and bad press — can put a company out of business quickly.”

Consider these stats:

• “The average cost of downtime caused by ransomware between 2018 and 2020 has grown from 46,800 dollars to 283,000 dollars per incident, which is about a 7× increase.” (Source: CEOWorld Magazine)
• “It takes an average of 287 days for security teams to identify and contain a data breach, according to the ‘Cost of a Data Breach 2021’ report releasedby IBM and Ponemon Institute.” (Source: TechTarget)
• “For a smaller business, a ransom is often $3,000 to $10,000, or sometimes as large as $100,000. For large companies, ransoms are typically in the millions.” (Source: Association of Equipment Manufacturers)

As reported in Deloitte’s CFO Insights, a new Deloitte study – “Beneath the surface of a cyberattack: A deeper look at business impacts” – shows direct costs account for less than 5% of the total business impact of a cyberattack. Hidden costs are much higher and add up over several years. They can include insurance premium increases of 200%; a short-term credit rating downgrade resulting in higher interest rates; costs to repair equipment and facilities, additional resources to support business continuity, and losses due to inability to deliver goods and services; damage to customer relationships; devaluation of trade name; and loss of intellectual property ranging from trade secrets and copyrights to investment plans.

When weighing the expense of building up cyber security versus the potential cost to your business, make sure you’re weighing all the potential factors – especially the hidden ones.

If you need more data to justify your investment in cyber security, here are several resources:

2022 IBM Security X-Force Threat Intelligence Index

CISA Insights on Cyber Threats to Manufacturing

Accenture’s State of Cybersecurity Resilience Report 2021

World Economic Forum’s 2022 Global Risks Report

Trend Micro Incorporated’s The State of Industrial Cybersecurity

For more information about resources to help your manufacturing organization with cyber security, visit another RBT CPAs thought leadership article: Is Your Manufacturing Operation Cyber Secure?

Finally, if you’re interested in learning more about the tax and accounting side of building your cyber security, give us a call. RBT CPAs has been serving clients in the Hudson Valley for more than 50 years.