The Real Cost of Cyber Attacks

Libby Marshall


By 2025 the annual cost of cybercrime is estimated to reach $10.5 trillion, a figure that reflects the scale of the challenge and its potential impact on businesses across every industry.

While not all of this cost is directly attributable to attacks on individual companies, a significant portion will be borne by businesses, in the form of financial losses, reputational damage, legal costs and recovery expenses.

In October, OnTalent hosted a boardroom luncheon with key industry leaders to hear the very real story of a cyber attack, with a focus on people.

We asked the question: when a business is under attack, what is the real impact on people? The organisation's owners, shareholders, leaders, employees and customers, and of course the families of all of the above, are affected.

Our guest speaker relived the day their 75-year-old global family business was attacked and a ransom demanded. More than 400 people and their families were affected. The owners and directors refused to pay the ransom.

Their commitment not to pay the ransom, and not to fund this very real threat to the business, was solid. It was a decision they did not regret for one second, but one that would see the business and its people face a mountainous challenge lasting four months.

Over lunch, we learned of the profound impact on employees, both direct and indirect: disruption to their work and to their clients, and to job performance and productivity. Greater still was the emotional stress and the impact on morale.

In our discussion, we discovered that leaders around the table had been reporting to their boards that the risk of a cyber attack was quite low. Our guest, too, had cyber attack registered as a low-risk item in their prior board reports.

What became clear is that every organisation and every business is at high risk of a cyber attack; it is not a question of "if" but "when". The key outcome was that cyber attacks should be listed as a high risk for all businesses, and that cybersecurity should be treated as a strategic priority.

Preventing cyber attacks is a critical priority for businesses of all sizes, as the consequences of a breach can be devastating. Implementing a proactive cybersecurity strategy can significantly reduce the risk of an attack.

Here are twelve top tips to help prevent business cyber attacks:

1. Implement Strong Password Policies and Multi-Factor Authentication (MFA)
  • Passwords: Require employees to use long, unique passwords (a passphrase of several unrelated words is easier to remember and harder to guess than a short mix of characters), and screen new passwords against lists of known breached passwords. Encourage the use of password managers to generate and securely store them.

  • Multi-Factor Authentication (MFA): Enforce MFA for all accounts that support it, especially for accessing critical systems and sensitive data. MFA adds an extra layer of security by requiring something the user knows (a password) and something they have (e.g., a mobile device or authentication app). Where possible, prefer phishing-resistant methods such as hardware security keys or passkeys over SMS codes, which can be intercepted or phished.
2. Regular Software Updates and Patching
  • Cybercriminals often exploit known vulnerabilities in outdated software and operating systems. Regularly update all software, including operating systems, applications, and security tools, so that known vulnerabilities are patched promptly.
  • Set up automatic updates where possible, and prioritise patches for internet-facing systems, for security tools (e.g., antivirus, firewall and remote-access software), and for vulnerabilities that are known to be actively exploited.
3. Employee Training and Awareness
  • Employees are often the weakest link in cybersecurity. Regularly train employees on how to recognise phishing emails, suspicious links, and other common social engineering tactics used in cyber attacks.
  • Conduct simulated phishing exercises to test employee responses and reinforce security best practices.
  • Encourage employees to be cautious about sharing sensitive information, especially through email, phone, or unverified communication channels.
4. Use Firewalls and Antivirus Software
  • Ensure that your network is protected by a robust firewall that monitors and controls incoming and outgoing traffic based on predetermined security rules.
  • Install reputable antivirus and anti-malware software on all devices to detect and prevent malicious activity.
  • Configure the firewall to deny by default and allow only the ports and services the business actually needs, which reduces the attack surface exposed to the internet.
5. Data Encryption
  • Encrypt sensitive data both at rest (when stored on servers, hard drives, or cloud storage) and in transit (when transmitted over the network).
  • Implement end-to-end encryption for communications, especially when sensitive data (e.g., personal, financial, or proprietary information) is being shared internally or externally.
6. Backup Data Regularly
  • Regularly back up critical business data and systems to a secure, offsite location or cloud storage. Keep at least one copy offline or immutable, so that an attacker who gains control of the network cannot encrypt or delete the backups along with everything else. Ensure that backups are encrypted and periodically tested by performing an actual restore, not just by checking that the backup files exist.
  • In the event of a ransomware attack or system failure, having a clean, up-to-date backup can minimise data loss and enable faster recovery.
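As an added illustration of what "periodically tested" should mean in practice, here is a Python script written for this page (not code from the article or from OnTalent) that archives a directory together with a SHA-256 manifest, restores the archive to a scratch directory and compares every restored file against the manifest. The sample files, the temporary paths and the "tampered archive" scenario are all constructed for the demonstration; the use of tarfile's "data" extraction filter assumes a Python version that provides it, with a fallback for older versions.

```python
"""Prove a backup is restorable, not just present: archive a directory with a
SHA-256 manifest, restore it to a scratch directory, and compare every file.
Added example, not code from the article; the sample files and paths are
constructed in a temporary directory and removed afterwards."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source_dir, backup_dir):
    """Write source_dir to backup.tar.gz plus a manifest of relative path -> sha256."""
    source_dir, backup_dir = Path(source_dir), Path(backup_dir)
    manifest = {
        p.relative_to(source_dir).as_posix(): sha256_file(p)
        for p in sorted(source_dir.rglob("*")) if p.is_file()
    }
    archive = backup_dir / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return archive


def verify_backup(archive, manifest_path, restore_dir):
    """Restore the archive and check each manifest entry. Returns a list of
    problems; an empty list means every file restored and matched its hash."""
    manifest = json.loads(Path(manifest_path).read_text())
    restore_dir = Path(restore_dir)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            # The "data" filter (Python 3.12, backported to maintenance releases)
            # rejects absolute paths, "../" traversal and device files, so a
            # tampered archive cannot write outside restore_dir.
            tar.extractall(restore_dir, filter="data")
        except TypeError:  # older Python without the filter argument
            tar.extractall(restore_dir)
    problems = []
    for rel, expected in manifest.items():
        restored = restore_dir / rel
        if not restored.is_file():
            problems.append(f"missing after restore: {rel}")
        elif sha256_file(restored) != expected:
            problems.append(f"hash mismatch after restore: {rel}")
    return problems


def run_demo():
    """Back up two constructed files, verify a clean restore, then show that an
    archive whose content changed is caught. Returns {'clean': [...], 'tampered': [...]}."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2024-03-01,120.00\n")
        (src / "notes.txt").write_text("quarterly review\n")
        backup = tmp / "backup"
        backup.mkdir()
        archive = create_backup(src, backup)
        manifest = backup / "manifest.json"
        clean = verify_backup(archive, manifest, tmp / "restore1")

        # Simulate corruption or tampering between backup and restore: rebuild
        # the archive from altered content but verify against the original manifest.
        (src / "notes.txt").write_text("quarterly review (edited)\n")
        tampered_dir = tmp / "tampered"
        tampered_dir.mkdir()
        tampered_archive = create_backup(src, tampered_dir)
        tampered = verify_backup(tampered_archive, manifest, tmp / "restore2")
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for label, problems in run_demo().items():
        print(f"{label}: {'OK' if not problems else problems}")
```

The manifest should be stored separately from the archive (and ideally signed), because a backup and its checksums kept in the same place can be altered together. Running the restore test on a schedule, against the offline copy, is what turns "we have backups" into "we can recover".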
7. Secure the Supply Chain
  • A cyber attack on a vendor or third-party partner can impact your organisation as well. Perform thorough due diligence on vendors and partners, ensuring that they have strong cybersecurity practices in place.
  • Use secure connections (e.g., Virtual Private Networks or VPNs) and set up appropriate access controls when interacting with third-party systems.
  • Include security requirements and breach notification clauses in contracts with suppliers and partners to ensure accountability.
8. Access Control and Least Privilege
  • Implement role-based access control (RBAC) to ensure that employees only have access to the data and systems necessary for their job responsibilities.
  • Use the principle of least privilege to limit users’ access to the minimum necessary level. This helps to reduce the potential impact of a compromised account.
  • Regularly review and update access privileges, particularly when employees change roles or leave the organisation.
9. Incident Response Plan
  • Develop and maintain a comprehensive incident response plan that outlines the steps your team should take in the event of a cyber attack or data breach.
  • Ensure that the plan includes clear procedures for containment, investigation, communication, and recovery.
  • Conduct regular cybersecurity drills to ensure that your team is prepared for a potential attack and can respond quickly and effectively.
10. Monitor and Detect Suspicious Activity
  • Implement continuous network monitoring to detect unusual or suspicious activity in real-time. Use security tools like intrusion detection systems (IDS) or Security Information and Event Management (SIEM) platforms to identify potential threats.
  • Regularly review logs from systems, applications, and devices for signs of unauthorised access or other anomalous behaviour.
  • Enable alerting for critical events to quickly address potential threats before they escalate.
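To make the log review in this tip concrete, here is a small Python detector written for this page (not code from the article or from OnTalent) that reads sshd-style authentication log lines and raises three kinds of alert: a brute-force burst from one address, a successful login that follows a run of failures from the same address, and a successful login outside business hours. The log lines are constructed samples, and the thresholds, the year and the business-hours policy are assumptions chosen for illustration.

```python
"""Review sshd-style authentication logs for three signs of unauthorised access:
a brute-force burst from one address, a successful login that follows a run of
failures from the same address, and a login outside business hours.
Added example for this article; the log lines are constructed and the
thresholds, year and business-hours policy are assumptions for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style (the timestamp carries no year).
SAMPLE_LOG = """\
Mar  3 02:14:01 app01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 02:14:03 app01 sshd[1202]: Failed password for invalid user oracle from 203.0.113.7 port 51023 ssh2
Mar  3 02:14:05 app01 sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 02:14:08 app01 sshd[1204]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 02:14:11 app01 sshd[1205]: Failed password for jsmith from 203.0.113.7 port 51026 ssh2
Mar  3 02:14:20 app01 sshd[1206]: Accepted password for jsmith from 203.0.113.7 port 51027 ssh2
Mar  3 09:02:44 app01 sshd[1300]: Accepted publickey for jsmith from 198.51.100.20 port 40011 ssh2
Mar  3 09:05:10 app01 sshd[1301]: Failed password for jsmith from 198.51.100.20 port 40012 ssh2
Mar  3 09:05:30 app01 sshd[1302]: Accepted password for jsmith from 198.51.100.20 port 40013 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Assumed tuning values; in practice derive them from your own baseline.
BRUTE_FORCE_THRESHOLD = 5                   # failures from one IP ...
BRUTE_FORCE_WINDOW = timedelta(seconds=60)  # ... within this window
PRIOR_FAILURES = 3                          # failures from one IP before a success ...
PRIOR_WINDOW = timedelta(minutes=5)         # ... within this window
BUSINESS_HOURS = range(7, 19)               # 07:00-18:59 (assumed policy)


def parse(log_text, year=2024):
    """Turn raw lines into event dicts; lines that are not login outcomes are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "method": m["method"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def detect(events):
    """Return alerts in the order they fire, processing events in time order."""
    alerts = []
    failures = defaultdict(list)   # ip -> failure timestamps within PRIOR_WINDOW
    brute_force_seen = set()       # one brute-force alert per source address
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, ts = ev["ip"], ev["ts"]
        recent = [t for t in failures[ip] if ts - t <= PRIOR_WINDOW]
        failures[ip] = recent
        if ev["result"] == "Failed":
            recent.append(ts)
            burst = sum(1 for t in recent if ts - t <= BRUTE_FORCE_WINDOW)
            if burst >= BRUTE_FORCE_THRESHOLD and ip not in brute_force_seen:
                brute_force_seen.add(ip)
                alerts.append({"rule": "brute_force", "ip": ip, "user": ev["user"], "ts": ts,
                               "detail": f"{burst} failures in {BRUTE_FORCE_WINDOW.seconds}s"})
            continue
        # An accepted login: was it preceded by a run of failures from the same source?
        if len(recent) >= PRIOR_FAILURES:
            alerts.append({"rule": "success_after_failures", "ip": ip, "user": ev["user"], "ts": ts,
                           "detail": f"{len(recent)} failures in the preceding {PRIOR_WINDOW.seconds // 60} min"})
        if ts.hour not in BUSINESS_HOURS:
            alerts.append({"rule": "off_hours_login", "ip": ip, "user": ev["user"], "ts": ts,
                           "detail": f"login at {ts:%H:%M} via {ev['method']}"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        print(f"{a['ts']:%Y-%m-%d %H:%M:%S} {a['rule']:<24} user={a['user']} ip={a['ip']} ({a['detail']})")
```

On the sample, the 02:14 burst from 203.0.113.7 triggers the brute-force rule, and the login that follows it fires both the "success after failures" and "off-hours" rules; the single mistyped password at 09:05 from 198.51.100.20 does not, which is the kind of tuning that keeps alerts actionable rather than noisy. The same three rules are what a SIEM correlation search or an intrusion detection signature would express; the script exists to show what the rules need from the logs.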
11. Secure Remote Work and Mobile Devices
  • With the rise of remote work, ensure that employees working from home or on the go use secure connections (e.g., VPNs) when accessing company systems and data.
  • Implement security policies for mobile devices, ensuring they are encrypted, have strong password protection, and are remotely wipeable in case of theft or loss.
  • Use mobile device management (MDM) solutions to monitor and control access to corporate data from personal or remote devices.
12. Cybersecurity Insurance
  • Consider purchasing cybersecurity insurance to help mitigate financial losses in the event of a cyber attack. While it’s not a substitute for prevention, insurance can help cover costs related to data recovery, legal fees, and customer notification.

While no system can be entirely immune to cyber attacks, businesses can significantly reduce their risk by implementing a layered cybersecurity strategy. This includes strong technical measures, employee education, regular monitoring, and an effective response plan.

We all agreed, by staying vigilant and proactive, businesses can safeguard their sensitive data, protect their reputation, and minimise the potential impact of cyber threats.

Libby Marshall is currently Head of Client Services at OnTalent. Over her professional career, Libby has earned a reputation for working collaboratively with team members and experts to find the best and most effective pathway forward. She is highly consultative and focused on sourcing the right information, knowledge and advice to ensure intelligent and considered decision-making processes are followed, and has a strong understanding of international politics, worldwide economic trends, and their influence on global and APAC workforce trends.
