A cyber attack or hacking can take different forms. While data theft is the most well-known form of hacking, other types of cyberattacks exist.
Ransomware and denial of service, to name only the most frequent, refer respectively to installing malicious software that encrypts data and to saturating systems to make them unusable. The objective of the attack is clear: to set up financial blackmail to obtain a sum of money.
The first key to managing a cyber attack well seems to be the speed of detection. On this point, companies are increasingly well equipped and increasingly take it into account in their IT strategy. In fact, according to FireEye's M-Trends 2021 report, companies were detecting incidents in 24 days in 2020, twice as fast as in 2019.
Once a cyberattack is detected, the company will implement a strategy that generally starts with technical responses (disconnecting infected devices, applying security patches, etc.) and then moves on to communicating information about the incident.
The company must alert its teams, customers, and partners in order to ensure internal mobilization and anticipate problems of business interruption.
All the measures implemented will have irreparable consequences, which will ultimately take the form of financial impacts for the company. At Padok, we offer to assist you in your forensic analysis of the attack to trace the attacker's path.
Responding to a cyber attack generates a set of immediate financial impacts for the affected company, as well as indirect and longer-term repercussions.
Immediately, a cash impact is inevitable. The first cost center is repairing the damage caused by the cyber attack and setting up temporary infrastructure to maintain activity.
Here, two scenarios emerge:
Direct financial impacts on revenue can also be observed, due to the demobilization of internal teams or the halting of production and direct sales.
In 2017, NotPetya, a ransomware-type cyberattack, paralyzed several companies such as Saint-Gobain, Auchan or SNCF, with a loss estimated at $10 billion.
Another prominent example is Bénéteau, a French company and world leader in boat construction. In 2021, a very violent cyber attack forced them to close all their factories overnight, paralyzing production. The impact in terms of lost revenues is estimated at €45 million by Jérôme De Metz, the group's CEO.
From another point of view, a cyber attack damages a company's reputation and the value of its brand. This can have an impact on valuation. The French Bessé study looks at the consequences for listed and unlisted companies.
For the former, we observe an average decline of 9% in the stock market price. But the repercussions are even more significant for the latter. In France, the risk of failure for small and medium-sized companies increases by 80% following a cyber attack.
If the risks and financial stakes of a cyber attack are tangible, the responses still seem inadequate. According to an IBM Ponemon Institute study, 80% of French companies do not have robust IT strategies.
Here are two initial avenues for action to overcome this lack of preparation for cyber security attacks:
Once awareness has been raised and the inventory completed, the DevSecOps teams will need to define a roadmap within the company's IT strategy in order to limit the risks of cyberattacks.
While the risks and financial stakes of a cyber attack are tangible, the responses still seem inadequate. According to an IBM Ponemon Institute study, 80% of French companies do not have robust enough IT strategies.
Suffering a cyber attack is generally a trigger for taking these risks into account in the cyber strategy. This strategy of reacting after the fact has a much more negative financial impact than anticipating and mitigating these risks upstream.