The Cost of Being Unprepared for Cyberattacks

Though cyberattacks are in the news every day, Canadian companies as a whole, and SMBs in particular, are still taking a wait-and-see approach to implementing a formal cybersecurity strategy. In fact, in 2019, 20% of Canadian companies (45% of companies over 250 employees) reported a cyber incident. The true figure is very likely much higher because Canadian companies continue to under-report these attacks. This post will take a quick look at factors contributing to the slow adoption of formal cybersecurity strategies, as well as the cost of not taking a proactive approach.

Why Are We so Hesitant to Invest?

The simplest way to understand this is as a combination of behaviours; and organizational dynamics:

• Companies aren’t sure how to get started implementing a cybersecurity program – it‘s complicated, and there are hundreds of companies each pitching their own approach
• Cybersecurity is expensive, and many companies haven’t budgeted for the investment yet
• If they haven’t been hacked, many organizations aren’t convinced that the potential impacts justify the efforts and costs

Combine these three factors, and they create a pretty effective barrier to starting a conversation about developing and implementing a cybersecurity strategy. Now we understand the motivations of organizations who aren’t tackling cybersecurity head-on, but what about the cost of this wait-and-see attitude?

What Does a Data Breach Cost?

We’ve already established that if you are a Canadian company, you run a 1 in 5 chance of getting hacked this year, rising to nearly 1 in 2 if you have over 250 employees. Canada is definitely a target for cybercriminals. If you want to know more about why they target Canadian firms, you can check out this blog post.

But how much does a breach actually cost?:

• Globally, the cost of a data breach affecting more than 1,000,000 records is on average US$3.86 million
• The US has the highest average cost for data breaches, at US$8.64 million
• The Middle East came in second, with an average price of US$6.52 million
• Canada is the third highest, with US$4.5 million.

For SMBs, the news is even worse:

• A recent U.S. study of small businesses that were hacked showed that 60% of them went out of business within six months of the attack because the cost of the average hack against a small business is US$690,000, according to the U.S. National Cyber Security Alliance
• And that’s not all. Small businesses spend an average of US$955,429 to restore normal business in the wake of a successful attack
• Cyberattacks due to weak employee passwords cost US$383,365 on average

And these costs don’t include impacts like damage to your reputation, loss of customer trust, damage to partner relationships, compliance issues –the list goes on.

Is Fear of Negative Impacts Enough?

That is a question folks in the industry ask us all the time. “Isn’t risk aversion a strong enough motivator to make companies prioritize cybersecurity investment?” And the short answer is no – when you add in the lack of clarity around which cybersecurity strategies are effective and sprinkle in the high cost, many companies freeze. But we’re here to help folks get unfrozen.

Keep following this series because, in the next post, we’ll take a look at risk analysis, which is the most effective strategy for fast-tracking your cybersecurity strategy. Risk analysis allows you to quantify your actual risks and prioritize your investments to mitigate those risks in advance. To make sure you don’t miss out, sign up for our newsletter below.

Need Help? StreamScan is Here.

Whether you need help conducting a security audit, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with many years of experience who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.