29 January 2021

The financial cost of cybercrime

Cybercrime can have a huge impact on business finances, and they aren’t always the most obvious. We look at what those financial implications may be and how you can protect your business.

The average annual cost of a cyber attack to UK businesses in 2018/19, was £4,1801. With threat levels increasing and business systems becoming more and more digitised and connected, the risks to businesses are also growing. Cybercrime isn’t just about stealing information and it isn’t just targeting large organisations or those that are digitally focused. It’s about causing disruption, achieving financial gain, with even the smallest businesses and those not particularly invested in technology at risk.

The immediate cost of cybercrime

Let’s consider some examples:

  1. If you’re a small café and your payment system is breached so you’re unable to accept card payments, you obviously risk losing revenue (particularly as non-cash payments increase). At the same time, however, you’ve already paid your suppliers and you’re still paying your staff, so that will also affect your cash flow.
  2. If you’re a tradesperson and your business email is compromised and you make a payment to a supplier that is diverted to a cybercriminal’s account instead, you have lost funds, and your supplier hasn’t been paid on time. That could threaten future supplies, damage supplier relationships, hurt your cash flow and potentially stop you from undertaking or completing a job.
  3. If you’re a manufacturer who’s invested in technology to optimise your production and you fall victim to a ransomware attack, your whole production line could be brought to a standstill. That will affect your cash flow, certainly, but it could also affect your business’ reputation and your credit worthiness.

The implications are clear and serious. Direct costs of falling victim to cybercrime may include the very immediate impact of loss of access to systems or services, which prevent you or your staff from doing their jobs, loss or damage to equipment or data, as well as the loss of revenue from customers being unable to access your products or services.

The price of recovery

However, businesses also need to account for the cost of recovery. Costs to investigate an attack or repair or replace hardware or software affected can quickly increase, especially as businesses need to act rapidly to restart normal operations. There may also be unexpected costs, such as the need to bring in additional staff to operate things manually, or to communicate with customers.

In the longer-term, the costs of a cyber-attack can escalate still further. Delays to work being carried out as you regroup can lead to delays in payments, customers may be due compensation, reputational damage may be incurred, or intellectual property lost. Any breach that leads to theft of or compromises customer data could also lead to financial penalties under GDPR, and individual industries may face regulatory fines or reprisals.

The impact of a cyber-attack on smaller businesses – whether it succeeds in its aim or not – can be devastating. If your cash flow is tight and you have few cash reserves and no immediate access to liquidity, keeping the business operating until normality resumes can be challenging, even without factoring in possible additional costs. That’s why it’s important to protect your business, plan what you’d do if the worst happened, and prepare your response.

Top tips for reducing the financial impact of cybercrime on your business

  1. Protect your business
    • Install and keep security protection and software updated
    • Ensure passwords are robust and changed regularly
    • Be aware of what a cyber-attack might look like and train staff to spot any issues
  2. Plan your actions
    • Create a risk assessment that identifies any key processes and operations and potential risks
    • Back-up any important data
    • Consider whether insurance might be worthwhile
    • Create an action plan and communicate it across your business.
  3. Prepare to respond
    • Test your plan to make sure it works and identify any gaps
    • Keep an eye on your cash flow and reserves to ensure you have a buffer wherever possible or access to funding in the short-term
    • Consider alternative payment methods or suppliers to keep business operational
    • Report any attack or potential attack to Action Fraud.

For more information on how to protect your business from a cyber-attack, visit our cyber crime hub.

1 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/875799/Cyber_Security_Breaches_Survey_2019_-_Main_Report_-_revised.pdf

Related Articles

Tomorrow Ready

Access tools, resources and insights to help get your business fit for the future.

Articles also tagged with

Cybercrime: Creating a culture of responsibility

Making your business cyber-secure takes more than downloading some anti-virus software. The key to cyber security is having a ‘cyber-responsible’ company culture, not only to prevent a cyber-attack on your business but also to minimise the effects of an attack if it does happen.

Virtual card solution keeps travel business moving

With business hit hard by the COVID-19 pandemic, The Travel Company Edinburgh was in urgent need of a smooth way to keep cash flowing. HSBC’s solution put the company back in control as it adapts to thrive in new circumstances.

Improving sustainable practices from plant to package

There are a variety of different routes you can take in making your business more sustainable and improving the impact your company has on workers, society and the environment. Pai Skincare is one example of a company that’s thoroughly scrutinising its entire business model in its drive towards sustainability.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.

You are leaving the HSBC Commercial Banking website.

Please be aware that the external site policies will differ from our website terms and conditions and privacy policy. The next site will open in a new browser window or tab.