In the aftermath of the worldwide havoc wreaked by WannaCry, the very real risk and cost of cyber attacks are at the forefront of public consciousness more than ever before.
While we’ve written about what a breach might cost a company in terms of fines and compensation before, a new report from the CGI Group and Oxford Economics suggests that the cost of cyber crime looks set to increase even further in the future.
The Impact of Cyber Crime on Shareholders
Taking samples across seven global stock markets of 65 different cyber attacks that have been classed as ‘severe’ or ‘catastrophic’ since 2013, the research looked at the impact of cyber crime on shareholders and company valuations.
The report found that, in the wake of a ‘severe’ or ‘catastrophic’ breach, share prices fell permanently by an average of 1.8%, leaving a typical FTSE 100 company around £120m worse off. Over the time period studied, the estimated cost of cyber crime to shareholders was at least £42bn.
Researchers also point out that these estimates are conservative; some of the companies involved in the study saw their company’s valuation permanently lowered by up to 15%.
It’s also worth taking into account that, under the current UK Data Protection Act, companies aren’t legally required to report data breaches. In fact, the VP of cyber security at CGI, Andrew Rogoyski, believes only 10-20% of breaches are currently reported, meaning that the real cost could be much, much higher.
Lost Shareholder Value
Of course, come May 2018, the new General Data Protection Regulation will come into effect and companies will have just 72 hours to inform both the relevant authorities and all data subjects who may have been affected by the breach.
This new level of public accountability and scrutiny is likely to see costs increase even further; Rogoyski estimates that, in the future, lost shareholder value across European markets could rise by as much as a factor of 10.
“We are beginning to see City analysts, venture capital firms and credit ratings agencies factor cyber security readiness into the way they assess firms,” he said.
“This is positive and should encourage boards across the world to treat cyber security as an enterprise-wide risk.”
De-scope Your Contact Centre
As Mr. Rogoyski says, the important thing for businesses to do now is to recognise the risk of cyber crime and act accordingly. PCI DSS compliance is the best way to ensure that both your business and your customers’ data is protected, but achieving full compliance doesn’t always feel like the easiest task.
If you’re looking for a comprehensive and easy way to ensure your business is PCI compliant, PCI Pal’s secure solutions are the answer. From Agent Assist to our other PCI Solutions, PCI Pal can help you de-scope your contact centre, reducing your risk of cyber attack and protecting both your customers’ data and your business’ future.