Cyber crime. What’s the real cost?
Cyber crime is costing NZ SMEs more than they know.
Connectivity. It’s fundamental to running almost any kind of business in New Zealand today. We live undoubtedly in the cyber age – a culture where computers, computer networks, information technology, the Internet, the Cloud, and now virtual reality, are commonplace in our offices, homes, and even our pockets.
We all hear about it in the mainstream media when yet another large global corporate or organisation is hit by online hackers. But when do you recall hearing of a local business being the target of a phishing or ransomware attack? It’s happening right now, everyday in New Zealand – it’s the hidden cost of cyber crime.
Here are some real stories of local cyber crime claims:
Ransomware – Cost $78,000
Law firm with turnover of $2M and eight staff. Their server and client records were locked by ransomware software. The files were released after paying a ransom of $50,000 to the hackers. $20,000 was paid out for the claim for loss of income, the ransom demand, including consultant’s costs to advise on handling and negotiating the ransom, and costs to restore the network, as the hackers still refused to release the files despite payment of the ransom.
Employee Error – Cost $150,000
An online retailer emailed a group of customers to promote a sale with a special discount offer. The retailer intended to attach a copy of the flyer detailing the discounts, but instead attached a spreadsheet that contained a customer list including their names, addresses and credit card information. The retailer had customers in the US and was required to notify all affected customers of the error and offer credit monitoring. Several affected individuals also filed suits against the retailer. The error resulted in credit monitoring costs of $50,000 and legal fees, plus nuisance settlements of $100,000.
Data Breach – Cost over $2,100,000
A leading supplier of Managed Services (including IT platform hosting), providing infrastructure and support services to numerous clients, had an extensive mainframe that was partitioned and configured to specific client requirements. An attacker implanted malicious software tools on the company’s mainframe and used ‘masking techniques’ to conceal their IP address and steal customer data. $1,200,000 of the total cost was for data recovery and business income loss.
Malware – Total paid $35,625
A professional services firm, operating a network of 22 computers, had real-time anti-virus software installed on all its servers and desktops. Satisfactory risk management and preventative measures were all in place. But a virus infection was discovered on some computers, which spread through the network. Initial attempts to eradicate the virus by their IT provider were unsuccessful, necessitating the wiping of and reinstalling of every networked computer. The costs included forensic examination, data restoration and lost revenue.
What can we learn?
- Don’t be over confident with online security
- One opened email could shut down your business
- Human error can still thwart the best IT protection
- Faster Internet also means faster virus downloading
- Data is of great value in the wrong hands
- You can insure against the cost of Cyber Crime and Privacy Protection breaches.
Business owners and directors have statutory and governance responsibilities to protect the company data they have, including the personal details of their employees, customers and suppliers. Compromised IT systems can also cause significant reputational damage.