Cybercrime Will Cost You More Than You Think

In a time of economic uncertainty, many businesses are looking to shave off fat and tighten their belts wherever possible. That means there’s no room for error in anyone’s budget for anything unexpected and a limited pool of resources for emergencies. Unfortunately, one of those possible emergencies can easily be a damaging cyberattack, and that’s a bill that no one wants to get. When looking at the cost of cybercrime in old-fashioned dollars and cents, the dismal statistics paint a clear picture of why businesses must take every action to reduce their risk, build powerful defenses and strengthen their cyber resilience to survive in today’s dangerous threat landscape.


The cost of just one cyber attack can be far too much for a business to bear. It can also come back to haunt the unfortunate victim for a long time to come, wreaking havoc on a company’s budget for several years in a row. Only a little over half of the total cost of a cyberattack is paid upfront. The rest comes due down the line, with another quarter arriving about a year after the incident, and the rest coming due two or more years later. Worldwide, cybercrime costs small and medium businesses more than $2.2 million a year.


Many businesses aren’t in any way prepared (or are grossly underprepared) for a cyberattack and they’re not doing anything about it. A report in Security Intelligence details the scope of the problem. A shocking 18% of businesses that they polled ranked defense against cyberattacks as the least important factor in their company’s success. Two-thirds of senior-level decision-makers said they didn’t believe the small- to mid-sized businesses (SMBs) for which they’re responsible would fall victim to a cyberattack, and that’s a dangerous assumption that could put them out of business.


A single successful cyberattack can decimate a company’s budget in unexpected ways. Just figuring out how a cyberattack happened can cost an average of $15,000 for SMBs. Lost productivity adds up, reducing revenue and increasing things like payroll expenses without a return. SMBs spend an average of $955,429 to restore normal business in the wake of a cyberattack, yet 83% of small businesses haven’t put cash aside for dealing with a cyberattack. Just looking at a common attack and the costs associated with it in news stories, like the Colonial Pipeline incident, can serve as a stark reminder of cybercrime’s budget-busting power.


Any organization that falls victim to ransomware is looking at big bills. The cost of investigation, remediation, and recovery can be enormous. The cost of ransomware incidents worldwide is expected to exceed $265 billion by 2031. Companies that choose to pay the ransom won’t save any money either. The average ransom demand in Q1 2021 was $220,298 – 40% higher than the same time in 2020,  Gangs often use double or triple extortion malware that allows them to demand multiple ransoms to release the victim from multiple ill effects, like encrypted data and encrypted production lines.


The FBI’s Internet Crime Complaint Center (IC3) compiles an illuminating report every year that showcases the cost of cybercrimes beyond a data breach. This report is drawn from their investigations spurred on by complaints to the Bureau’s Internet Crime Complain Center in any given year. In the media, ransomware is typically portrayed as the star of the show when it comes to cyberattacks. But it only accounted for 1% of cybercrime loss according to IC3. The real star of the show was business email compromise, and attack that their experts pegged BEC as 64 times worse than ransomware for a company’s bottom line.


FBI cybercrime analysts determined that business email compromise (BEC) schemes were the costliest cybercrime reported to IC3 in 2020, clocking in at 19,369 complaints with an adjusted loss of approximately $1.8 billion. An astonishing $2.1 billion in actual losses spawned from business email compromise attacks against O 365 and GSuite users.  All told, BEC was responsible for 37% of all cybercrime losses last year, pulling down an estimated unadjusted total of $2.1 billion.


The rest of the list features larger numbers of reports and all the players that you’d expect to see like ransomware and spoofing, but those attacks packed nowhere near commensurate financial damage to BEC. Phishing in general slotted in at number two for total adjusted loss with 241,342 complaints that added up to over $54 million. While ransomware appears surprisingly far down the list, the number of ransomware incidents reported to the FBI also continues to climb, with 2,474 incidents reported in 2020. IC3 was careful to note that it doesn’t receive a report on every cybercrime that takes place in a year, and its data is only accurate in terms of the cybercrime reported to IC3 by a victim.


IC3 Cost of Cybercrime 2020 Statistics


No security incident is ever free, and companies have less budget to spend on cyber attack prevention than they did just a year ago. In the wake of the COVID-19 pandemic, 62% of IT departments are tightening their budgets in 2021 and they expect that to be the case in 2022 as well. Yet cybercrime is increasingly prominent. Even if a company repels an attack, they’re still going to shell out a few extra dollars on investigation and other IT expenses. But that’s a sharp contrast to the budget bomb that hits businesses that fall prey to a successful hit from a cybercrime gang. These attacks will devastate your business and take you to the cleaners – and they’re a blow that many companies will not recover from.


Data Breach Costs Are At An All-Time High

A data breach has never been affordable, and that won’t change anytime soon. Cybercriminals are hungry for data to sell in the hot dark web data markets. In the 2021 IBM/Ponemon Annual Cost of a Data Breach Report, researchers noted a steep climb in the dollars and cents part of the price that companies pay if they experience a data breach, and it’s not happy news. The average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study. Cyber insurance prices are rising accordingly,  up by 56% in the US and 35% in the UK.  Many insurers are placing restrictions on the coverage that companies can buy, and insiders point to ransomware as the culprit behind those restrictions. Cyber insurance giants like AXA have announced that they will no longer underwrite cyber insurance policies to reimburse companies for ransomware payments after cyber attacks


Phishing Has Never Been More Expensive

Phishing is becoming even easier for cybercriminals with Phishing-as-a-Service putting phishing campaigns just a few clicks away for anyone with enough cryptocurrency. Another Ponemon Institute study looked at the costs of phishing, which are steadily increasing each year. The study found that in an average-sized U.S. corporation of 9,567 people, that lost productivity translates to 63,343 wasted hours every year. Each employee wastes an average of 7 hours annually due to phishing scams. Based on an earlier study on the cost of key or credential compromise, we estimate a total of 2,050 hours of tech time investigating and responding to one compromise or 10,906 hours estimated over the next 12 months. Assuming an average annual rate of $63.50 for tech support, we estimate a total annual cost of $692,531, an increase from $381,920 in 2015 ($62).


Ransomware Costs Are Climbing

While cybercriminals are cleaning up in ransomware operations, businesses are paying the price and it is steep. Companies impacted by ransomware lose an estimated average of six working days, and 37% of them experience downtime of one week or more. Any organization that falls victim to ransomware is looking at big bills. The cost of a ransomware incident including investigation, remediation, and recovery worldwide is expected to exceed $265 billion by 2031. That isn’t a bill that any organization can afford to pay. The exorbitant cost, lost revenue, and reputation damage that a business suffers in the wake of a ransomware incident can easily be too much for many businesses to survive – 60% of companies go out of business within 6 months after a cyberattack.


Email Security Failures Are Budgeting Disasters

The reasons that businesses cite as to why they aren’t making security a priority vary, but they all offer a snapshot of the growth inhibitors that will crush a strong security culture and damage a company’s cyber resilience. Close to a third (32%) of SMB respondents to a 2020 study named a lack of budget as the greatest barrier to digital security., and 3 out of 4 small businesses surveyed said that they don’t have and can’t afford the personnel to address IT security. Sometimes it’s also just pure ignorance on the part of business owners that aren’t familiar with cybercrime and don’t understand the damage that it can do to a business. About 25% of small business owners in a recent cybersecurity awareness survey didn’t even realize cyberattacks would cost them money.


Use Security Solutions That Are a Great Value in More Ways Than One

Industry experts say that a small business’s cybersecurity budget should be at least 3% of a company’s total spending. But sometimes the budget may not even stretch that far. If you’re trying to do more with less, ID Agent’s robust digital defense solutions family is bursting with sensible yet sophisticated solutions featuring multipurpose functionality. This affordable innovation gives IT professionals the tools that they need to prevent cyberattacks as well as providing an amazing value that looks great to your accountant.

  • Dark Web ID – Don’t let cybercriminals sneak into your network to snatch your data with a compromised credential. Get the power of 24/7/365 human and machine-powered on your side monitoring employee passwords, business and personal credentials, domains, IP addresses, and email addresses.
  • BullPhish ID – Protecting a business from cybercrime starts with protecting it from phishing. Educate staffers on how to spot and stop the latest threats including phishing, ransomware, compliance, password safety, and more.


Be sure to contact us for an evaluation of your current cyber stance and avoid the costly results.