The Cost of Cybercrimes

Home » Blog » The Cost of Cybercrimes

The Opportunity Cost of our Choices:

A report published in October 2019 highlights the financial impact of cyber security attacks and the statistics surrounding those incidents.

Banking, utilities and automotive industries had the highest average costs of cyber crimes in 2018, each one reaching between $16 & $18 million.

Average Annual Cost of Cybercrime by Industry

While banking related crimes were likely mostly due to network intrusions, that’s not necessarily the case for the utilities and automotive industries.

Utilities and their maintenance are heavily based on asset management, which relies on proper communication between electric signals and the PLC controller.

When the intrusion reaches the PLC level, companies have an extremely difficult time detecting attacks and restoring processes. The same applies to the automotive industries – one example can be manufacturing factories. The amount of established processes those factories rely on is almost immeasurable and even a slight deviation from the proper commands at the PLC level would result in millions of dollars wasted in faulty products.

 

Accenture also reported what percentage of companies invest in cyber security and the financial savings associated with protecting their assets:

Almost 30% of “security Intelligence and threat protection” companies don’t have the proper technology. And the gap widens for the “automation, AI and machine learning” industries, where the potential savings surpass $2 million and yet only 38% of companies apply the protection needed.

 

Cyber Attack Trends:

With cyber attacks on the rise, the technology required to protect and secure assets becomes  increasingly important. In the graph below, we see the large jump between 2016 & 2017, and an even larger leap between in 2017 & 2018.

We expect even more surprising figures for the 2019 report.

An increased frequency of significant cyber attacks coupled with advanced hackers and not enough security measures leads to each cyber incident being more dangerous, with higher potential consequences.

 

 

 

Budget Trends:

The SANS Institute 1 estimated that an average company will allocate 3%-10% of their IT budget for information security. Expanding upon this, analysts at the SANS Institute expect the Industrial Control Systems security market to grow from €7.68 billion in 2016 2 to €11.8 Billion by 2022 3 . SIGA has created a new and unique method monitoring (a. hardware component placed at the critical infrastructure, b. Advanced analytics and machine learning platform that monitors low-level electric signals to detect early stage cybersecurity threats and operational anomalies in ICS-SCADA systems) which will not only take some of the existing players’ market share, but will bring about an expansion of this market to include industries that did not qualify for such monitoring through other systems.

In all, the total market size of the Unified Monitoring and security technology is estimated to be approximately 4% (1%+3%) of the total IT market. The Operational Technology market was estimated at €23.20 billion in 2016 4 and is expected to grow to €34.5 billion by 2022. 5 Therefore, 4% translates into a market of approximately €1 billion today which will grow to €1.37 billion by 2022.

Combined with both the Cyber-Security markets and the Predictive Maintenance Technology market, this brings the total available market for the SigaPlatform™ to €3.6 billion in 2018 and €10.67 billion in 2022.

 

Room for Intrusion & Attacks:

So, why do companies allow themselves to be vulnerable to cyber security threats if they understand the financial loss, not to mention potential loss of private data and even human life?

Some reasons include:

  1. Companies don’t understand how to prevent an attack – after all, most of the network protection solutions can be hacked at the PLC level
  2. Companies don’t allocate budget to security unless it’s a must – often times, the budget is allocated after an attack has taken place
  3. Companies believe they are not a target – if you’re not anyone’s enemy, must you protect yourself from potential threats?

But here’s the thing: every company is at risk for a cyber attack or machine malfunction. Millions of dollars are wasted each year recuperating assets and restoring processes because of the lack of proper asset management.

 

Contact us to discuss the rest of the report and what that means for your business.