CD: Are you observing any trends related to how a company may be financially impacted by a cyber incident? What are the primary value drivers behind the economic impact – and are companies giving this enough thought?

Mossburg: We have found that enterprises often focus their remediation planning and efforts on the costs commonly associated with data breaches. These costs include things frequently discussed – above the surface – such as the immediate technical investigation, public relations and litigation fees, to name a few. Companies should shift their thinking to consider the less obvious consequences of an attack which can have a much more significant impact to the organisation, such as intellectual property (IP) theft, data destruction, interruption of core operations or critical infrastructure. The challenge lies in the ability to identify and quantify these impacts and the toll they take over time. We suggest an integrated approach that combines financial quantification with valuation techniques and a deep understanding of the business impacts a cyber incident can potentially have on an organisation.

Jan-Mar 2018 issue

Deloitte Risk and Financial Advisory

Deloitte & Touche LLP