Money down the toilet. The devastating cost of a cyber incident

Most Australian businesses have thankfully moved on from the ‘she’ll be right, it won’t happen to me’ mentality of cyberattacks. Because they know it will – it’s just a matter of when.

But for many, the reality of how much it costs to recover from a cyberattack hasn’t yet sunk in. So, let’s have a look at what happened to Clorox late last year.

We all know Clorox (at least you will do if you’ve ever cleaned a toilet with Clorox, applied a Burt’s Bees lipstick, or wiped down a bench with a Chux cloth). Clorox employs over 8700 people, and their revenue in 2023 was US$7.5 billion. So, they’re a huge and successful company – but that’s not the point. The point is that despite their size and sophisticated technology, they’re as vulnerable to a successful cyberattack as any small home-grown Aussie business. So, what happened to them can happen to you, except you may have a tougher time digging your way out of the financial and reputational hole you find yourself in.

It’s cost Clorox US$49 million (so far) to remediate the impact of its 2023 cyberattack. It was a biggie. The attack caused significant disruption to its operations; production levels were impacted, and consequently, it didn’t have as many products available to customers. And as toilets still needed to be cleaned and benches to be wiped, loyal users turned to other brands – perhaps never to return to Clorox.

A big part of the US$49 million Clorox forked out included the costs of pulling in third-party consulting services to find out how the bad actors got into their network infrastructure and to repair the damage.

Yes, Clorox is a big fish and a prime international target for cybercriminals. But as an Australian business, you’re no safer just because we’re so far down under.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), aka the Australian Government’s technical authority on cybersecurity, released its ASD Cyber Threat Report 2022-2023 in November 2023, which discussed increased attack numbers – and the outcomes.

Small Australian businesses averaged a financial loss of $46,000 per cybercrime, medium businesses lost $97,200, and large businesses (possibly due to more on-hand expertise) $71,600. This includes the cost of ransom payments, lost revenues to business downtime, remediation, legal fees, and audit fees. But what these losses don’t capture is the cost to your hard-won reputation through a data breach and a potential increase in cyber insurance.

Reputational damage may be harder to measure than other costs, but it is real. It’s difficult to claw your way back from losing or exposing a customer’s or partner’s data.

Over and above the cost of potential fines if you fail to secure and report your data correctly is the cost of customer loss. According to research conducted by secure payments provider PCI Pal, 43% of Australian consumers claim they’ll stop spending with a business for several months in the immediate aftermath of a security breach. And 43% say they’ll never return to a business post-breach. Ouch.

In Harvard Business Review’s 2023 article ‘The Devastating Business Impacts of a Cyber Breach,’ they report that “publicly traded companies suffered an average decline of 7.5% in their stock values after a data breach” and that it took an average of 46 days to recover their stock prices to pre-breach levels – if they were able to do so at all. What’s even more worrying – if that’s possible – is that the ripple effect of a cyberattack can cause up to 26 times the loss for your business ecosystem.

If your eyes weren’t watering before, we are sure they are now.

While cyber insurance is a great and wonderful thing, it comes at a cost relative to risk.  Case in point: Cybersecurity news site DarkReading reported that in 2021, insurers doubled premiums to offset losses from ransomware claims.

Although premiums plateaued for a while, the more active global threat landscape that faced us all in 2023 means you can expect cyber insurance costs to rise again in the next 12 to 24 months.

While you might expect it to be your company or organisation, in fact, it’s not.

The Ponemon report says that 60% of organisations that experienced data breaches subsequently raised their prices. And we’re guessing that’s not endeared most customers to brands they’ve supported for years either.

At Colton Computer Technologies, we’re dedicated to helping keep your costs down and ensuring your cybersecurity does what it’s supposed to: minimise risk and potential losses and protect your valuable reputation.

So, give us a call. We can help.