If your organization fell prey to a ransomware attack and was down for a week while systems were being restored, what would the productivity losses be? How much would that loss impact the bottom line?
From the archives of the Wall Street Journal, the article One Year After NotPetya Cyberattack, Firms Wrestle With Recovery Costs describes the impact the NotPetya Cyberattack had on both FedEx and Merck & Co. FedEx reported expenses tied to the malware to exceed .6% of 2018 revenue ($400 million / 65,450 B) while Merck put their costs at 1.5% of 2018 revenue ($670 million / 42,294 B).
The New York Times also took a look at the impact of this same attack on the international food giant Mondelez. “…..Even with teams working around the clock, it was weeks before Mondelez recovered. Once the lost orders were tallied and the computer equipment was replaced, its financial hit was more than $100 million ….” You can read the article here Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.
Although a malware infection may not impact an SMB to the scale discussed in the articles above, it can have serious consequences. In the event of a cybersecurity breach, there are several risk factors beyond productivity losses to consider when putting a response and recovery plan together. Some of them are:
- Restoration Costs – The possibilities include: hardware, software, staff time and materials, outsourced expertise
- Lawsuits | Fines
- Fraud, and
- Reputational Damages
If you are tasked with putting together a response and recovery plan in place for your organization, Mainstream Technologies offers several resources that can help to put a framework together for your specific business.
Resource Examples
Be Prepared: Put a plan in place to recover and respond in the event you become a victim of cybercrime – WEBINAR | Overview of the planning exercise business leaders can take to prepare for recovering and responding to a cyber attack or data loss.
NIST Respond and Recover Planning Worksheet – PDF | Worksheet to provide a framework for putting a plan for responding and recovering from a cyber event