What is the True Cost of Cybercrime?

In recognition of National Cyber Security Awareness Month, we’ll be sharing content during October to increase awareness about cybercrime and how we can fight it. Stay tuned throughout the month for more!

Cybercriminals are using many different tactics, which are constantly evolving, to commit cybercrimes. In some cases, these attacks are targeted to a specific company or industry; however, the reality is that it affects businesses of any size, in any industry. Companies in the US alone are spending billions of dollars on cybersecurity each year, and this amount is growing exponentially. These costs include measures to prevent, detect and recover from cybercrime. Let’s take a closer look at what makes cybercrime so costly.

Internal Costs


Studies have shown the cost to prevent data breaches far outweighs the cost to recover from a successful breach. These costs include the people and tools to implement and perform risk assessments, security controls, monitoring, trainings and purchasing cybersecurity insurance.


One of a company’s most expensive cybersecurity costs is the detection of a successful breach. Detection costs include the (1) time spent attempting to assess the extent of attacks, and (2) time spent attempting to identify breaches sooner. As we discussed in Cybersecurity Breach 101, IT controls and better logging techniques are ways in which businesses can spend money on detection.

Investigation & escalation

Investigation costs are amounts spent learning about the attack itself. By investigating the attacks, cybercrime victims can discover where their weak points are, determine the scope of the attack, and define the initial steps they should take to respond. These costs vary based on the type of attack, the timing of the breach and the period of time the cybercriminal was able to access the system(s) and data.


Containment costs are amounts spent preventing the breach from getting any worse. For example, discontinuing the use of insecure software and ceasing other high-risk activities can help contain the breach.


Recovery costs are amounts spent regaining control of the breached systems and repairing the damages from the cybercrime. These costs may be simple patches and updates, or they may be complete system overhauls.

Ex-post response

Ex-post response costs are any amounts spent preventing future attacks. After completing an investigation, businesses will be better positioned to spend money on new technologies that better fit the needs of the company so that they can mitigate a breach in the future.

External Costs

Information loss or theft

Information loss is often the most costly external consequence of a security breach. It can take time and effort to notify those who were affected, and it may be impossible to regain control of that information again. Trade secrets or intellectual property that were leaked, for example, may lose their value all together, even if subsequently recovered and secured.

Business disruption

Business disruption is also one of the more costly external consequences of cybercrime. Denial of service, for instance, can cripple a company for extended periods, and damages to the technological infrastructure can take hours, days or even weeks to remedy. There is also the cost of diverting all attention internally to fixing the problem.

Equipment damage

This may surprise you, but physical damage to company equipment is an emerging consequence of cybercrime. While equipment damage is not a common outcome, it is theoretically possible and should be considered when assessing cybercrime costs. For example, malware could be installed on the system that controls a forklift or a conveyor belt that causes that equipment to malfunction or break.

Revenue loss

Revenue loss can take many forms – a company may lose revenue for the period of time its system was down; a company may lose current and future customers due to a tarnished reputation; fines may be administered to a company for the exposure of sensitive data; or, a company may lose stakeholders who have lost faith in the company’s ability to remain in control of its assets. Overall revenue loss is often hard to calculate because the value that each lost customer represents is difficult to ascertain.


As the result of the breach, stock prices typically see an immediate decrease. The impact to the stock price and the time to recovery is dependent on the company’s industry and the type of sensitive information that was leaked.

To read our first article in our cybersecurity series, which is all about preventing and handling a cybersecurity breach, click here