The Cost of Cyber Security
The Finance Director’s Handbook
Tom Davies, Finance Director at CyberLab, reviews the cost of cyber security and why it should be a priority for CFOs and Finance Directors. He covers:
- The financial and operational impact of a cyber incident
- How investing in the right cyber security measures can reduce insurance premiums
- The hidden costs of a data breach, from regulatory fines to reputational damage
- Practical steps to enhance cyber resilience while maintaining cost efficiency
Underinvestment in cyber security poses a significant threat to your organization’s sustainability. The ‘State of Ransomware 2024’ report by Sophos reveals that 59% of organizations faced ransomware attacks in the past year, with recovery costs averaging $2.73 million – a 50% surge from the prior year.
Recovery periods are often prolonged, with many businesses requiring weeks to fully restore operations. Reflect on the potential consequences for your company if critical systems were incapacitated for an extended duration.
The Cost of A Cyber Incident
Underinvestment in cyber security could result in a breach that risks the future of your business. The average cost to recover from such an attack has risen to $2.73 million, a 50% increase from the previous year. When remote work is a factor in causing a data breach, the average cost per breach is $173,074 higher, underscoring the cyber security challenges in the evolving work landscape.
Recovery times can also be extensive, with many organizations taking weeks to restore operations – what would happen if your business couldn’t operate for a week, or even just a day?
Another cost to consider is that of potential fines. If material data breaches do occur, organisations are likely to be hit by fines from the ICO, which can be up to £17.5m or 4% of turnover, whichever is higher.
In March 2024, the ICO published updated guidance detailing how it determines penalties and calculates fines for data protection infringements. This guidance aims to provide transparency and clarity for organizations regarding the ICO’s decision-making process when issuing fines.
It’s not just the financial impact of a breach that organisations need to consider. Many organisations experience long-term brand damage after a cyber incident. According to research by Varonis, as few as 6% of consumers will still purchase from a business following a data breach.
The Rising Cost of Cyber Insurance
Cyber insurance will help pay for financial losses that you may incur in the event of a ransomware attack or data breach. It also helps cover costs relating to the remediation process, such as paying for the investigation, crisis communication, legal services, and refunds to customers.
The cyber threat landscape continues to evolve, and the number of insurance claims continues to increase. This is driven by the increasing threat of attack and by attacks becoming more sophisticated, which is resulting in increased downtime when breaches do occur.
The cyber insurance sector has undergone notable changes recently. Following significant premium hikes in 2021 and 2022, recent reports, such as Howden’s 2024 cyber insurance analysis, indicate double-digit premium reductions in 2023 and 2024. This trend is largely due to enhanced cyber hygiene practices among insured entities.
Strengthening your organization’s cyber security framework not only fortifies defences but can also result in more advantageous insurance premiums. A study in a Sophos press release states that 76% of companies have upgraded their cyber security protocols to qualify for insurance coverage, demonstrating that insurers are rewarding improved security measures.
What is the most cost-effective solution for your business?
Outsourced support vs in-house
For enterprise-level organisations, in-house cyber teams are a cost-viable option, but many organisations are finding it difficult to attract and retain the talent required to support an in-house cyber team.
Retaining quality talent is crucial, which is highlighted by the fact that 83% of organisations that experienced a ransomware attack had received warning signs from their cyber protection systems that had not been acted on. The 2024 survey also revealed that 32% of organizations suffered ransomware attacks because of exploited vulnerabilities. Smaller organisations will likely benefit from products such as Sophos MDR Complete which offers an outsourced cyber protection solution and 24/7 cover.
Multiyear licensing versus monthly subscription
How to fund your cyber protection is another key consideration, depending on your current cashflows. For enterprise-level organisations, discounts can be attained by entering into multi-year licensing deals, but these are payable up front. For organisations looking to protect their cashflow, a number of monthly subscription models are also available in the market, but these will likely command a higher price over the full term of the deal.
Are you sufficiently protected?
Security Support
CyberLab security support services are designed to complement your organisation’s in-house IT skills, ensuring your data is protected and security risk is reduced.
Experienced Security Team
Working alongside the leaders in the industry, CyberLab is trusted to deliver the highest standards of service. Our ISO 27001 and Cyber Essentials Plus certification ensures your IT infrastructure is supported by experts.
Reduced Costs
We’ll manage and maintain your infrastructure and services and ensure your systems are protected. CyberLab ensure that you’re getting the optimum service for your budget and requirements.
Best Security Practices
Demonstrate compliance and protect your endpoints, devices, servers and software. We offer a simple and quick implementation process, and our team ensures your organisation and your data are secure.
Cyber Security Health Check
CyberLab provides free cyber security assessments which assess the level of your organisation’s protection against UK government guidelines. A cyber security posture assessment is a check-up for your business’s cyber health and is a crucial step towards protecting your business.
The assessment involves answering a series of questions designed to determine how prepared your business is to defend against cyber threats.
Posture Assessment
Understand your security risks and how to fix them.
Take the first step to improving your cyber security posture, looking at ten key areas you and your organisation should focus on, backed by NCSC guidance.