We tend to use the terms interchangeably, but it’s important to know how to protect your company against both types of cyberattacks.
Cyberattacks were up in 2019—32% of organizations reported more attacks than in the previous year, according to cybersecurity firm Herjavec. Those stats aren’t trending downward anytime soon, either: This chart illustrates how much cybercrime has risen over the past two decades, with breaches and hacks targeting not only small businesses, but also some of the largest tech and media companies in the world. An expanding remote workforce, plus a growing number of places online where we’re sharing sensitive information, means that bad actors (aka hackers, not your friends from theater camp) are having a field day.
Though we often conflate “data breaches” and “hacks,” the two terms have distinct meanings. Below, we break down both kinds of attacks and their financial impacts on data-driven companies so you can stay ahead of the game.
Hacks vs. data breaches
A hack is an intentional attack to gain unauthorized access to a device, server, or another protected IT resource. The purpose of a hack is to compromise the system’s availability, integrity, or confidentiality.
The attackers’ most common tools are stolen or brute-forced credentials, vulnerability exploits, and backdoors. Carried out by a single person or an organized group, hacks can be as simple as a social media account takeover or as complex as a targeted attack on a supply chain.
A data breach is a security incident that results in the confirmed disclosure of sensitive data—such as personally identifiable information (PII), login credentials, or intellectual property—to an unauthorized party. A data breach can be the result of a hack, another type of attack such as malware, or an error such as unintentionally leaving data in an unsecured environment.
The cost of a cyberattack
The numbers don’t lie, though in this case, we wish they would, just to soften the blow. Cybercrimes cost an estimated $945 billion in 2020 (about 1% of the global gross domestic product), up from $600 billion in 2018. Organizations spent another $145 billion on cybersecurity—bringing the total cost to $1 trillion for the year. The most expensive malicious data breaches are those that result from compromised or stolen credentials, costing nearly $1 million more than the average data breach ($3.86 million).
Aside from financial costs, there is much more at stake for companies after a cyberattack, including their reputation. Here are the many ways companies may be impacted:
- Financial costs: These costs include anything from incident response, remediation, and breach notifications to regulatory fines and civil lawsuits.
- Revenue or opportunity loss: Making up a large portion of indirect outcomes, these hidden costs include productivity losses and missed sales.
- IT systems downtime and business interruption: Ransomware and other attacks that take IT systems offline can affect both employees and customers, and some businesses report downtimes as long as 18 hours. Business interruption, such as unavailability of critical systems or disruption of customer-facing services, accounts for 60% of financial losses from cyber incidents. The average financial cost to an organization’s department due to downtime is $590,000.
- Damage to brand reputation and loss of trust: Rebuilding trust with your customers can take years. Breaches, hacks, and downtime all affect a brand’s reputation with its customers.
- Intellectual property theft: Espionage is especially prevalent in industries such as manufacturing and life sciences.