Financial Crime World

9% of Businesses Suffering Cyber Extortion Report Losses Over €100,000

A recent study has shed light on the severity of cyber extortion attacks, revealing that nearly one in ten businesses reporting such attacks have lost assets worth over €100,000.

Study Findings

  • 94% of businesses victimized by cyber extortion reported not paying any money to the offenders.
  • More than 90% of businesses suffering unauthorized access to their IT systems or experiencing IT failure did not pay fines or compensation to injured parties.
  • While a majority of affected businesses reported no revenue losses, there were significant differences between the types of attacks:
    • 77% of businesses that experienced unauthorized access reported no loss of revenue.
    • 62% of those who suffered IT failure reported no loss of revenue.
    • 73% of those targeted by cyber extortion reported no loss of revenue.

Non-Material Harm and Internal Operational Disruptions

  • The study found that non-material harm was more common than material losses, with internal operational activities being the most seriously affected.
  • Fewer businesses reported harm to services to customers, reputation, and privacy, but between 35% and 45% of victimized businesses reported marginal or moderate harm to these areas.

Implications and Recommendations

  • While cybercrime may not be causing widespread financial devastation for many businesses, a minority of victims are suffering significant losses.
  • Further research is needed to understand how businesses protect themselves from evolving cyber threats.
  • Businesses must take proactive steps to protect themselves against cyber extortion, unauthorized access, and IT failure.

Awareness and Education

  • The study highlighted the need for greater awareness among businesses about cybercrime and its impacts.
  • Many respondents may not be aware of cyber incidents or the resulting harms and costs, or may not be willing to admit them in a survey.
  • As the cyber threat landscape continues to evolve, it is essential that businesses take proactive steps to protect themselves against these threats and mitigate the risks associated with cyber extortion, unauthorized access, and IT failure.