Business Interruption the Fastest-Growing Cyberattack Cost

A new study has found that the fastest-growing cost associated with cyber incidents is businesses interruption, reinforcing the need for businesses to have in place robust response and data restoration measures, particularly after a ransomware attack.

Between 2019 and 2023, the average cyber insurance claim that involved business interruption ended up costing 450% more than claims that had no lost income, according to the “2024 NetDiligence Cyber Claims Study.”

Business interruption can occur if a cyberattack like ransomware fully or partially disables a company’s operations or if a vendor suffers a cyberattack that forces the client company to suffer a loss or inability to operate.

The latter, known as “contingent business interruption,” can occur if a cyberattack cripples a supplier’s factory from producing a part that’s crucial for another company’s production operation.

The study also found that if business interruption is involved, the cost of all parts of a claim, such as crisis services and recovery costs, also increase.

For claims with no business interruption losses, the average cost of a cyber claim for small and mid-sized enterprises (SMEs) between 2019 and 2013 was as follows:

  • Crisis services: $96,000
  • Regulatory and legal: $24,000
  • Total incident cost: $205,000

 

However, for SME claims with a business interruption component during the same period, average costs were*:

  • Business interruption: $487,000.
  • Crisis services: $279,000
  • Recovery expense: $115,000
  • Total incident cost: $995,000

 

* There was no information on regulatory and legal costs for these types of claims.

For large companies, the average business interruption cost was $26 million, with total incident costs averaging $36 million in 2019-2023.

 

What you can do

First: Ensure that you have in place systems, policies and training to reduce the chances of your organization being hit by a cyberattack.

One of the study authors noted that many companies he deals with are woefully unprepared for a cyber event-caused business interruption.

“We continue to see SME clients transform their businesses to be more reliant on digital systems while failing to understand the inherent risks that come from complex digital ecosystems,” said Alden Hutchison, principal of global consulting firm RSM US LLP.

“This becomes very evident during the recovery process for a client where it’s clear they haven’t planned for resilience in their digital platform nor practiced operating their business processes during a crisis scenario,” he explained.

Experts recommend:

Disconnecting all networks. As soon as a threat is discovered, disconnect every vulnerable device from your network in order to keep the attack from spreading.

Regular back-ups. Back up critical data to a secure, offsite location to enable swift recovery in case of a cyberattack. Even better: Download your data on a daily basis to a hard drive that is not connected to you database or the internet.
But beware: Ransomware can have dwell times as long as six months, so malware might have been included in your archival backups. Before restoring, run an anti-malware package on all systems and drives.

Detailed planning. Create a detailed plan outlining response procedures to a cyberattack, including roles, responsibilities, and data recovery and restoration strategies. Also, prioritize in advance what data or systems needs to be recovered first, and when.

Continuous monitoring. Continuously monitor network traffic for suspicious activity to detect potential threats early and before they spread and threaten to take your entire system down.

 

Cyber coverage

Finally, you should have in place a cyber insurance policy. Most policies include coverage for both business interruption due to an event on your systems and contingent business interruption for a cyber event at a vendor or supplier.

You can often work with us to tailor-make your cyber policy to ensure it would cover your business’s specific needs.