Average cost of cyberattack rises 11% in 2023 to $1.7m: S-RM

The average direct cost of a cyberattack climbed 11% in 2023 to $1.7m, with the figure for global firms without insurance up to $2.7m, according to cybersecurity consultancy S-RM.

Publishing its annual Cyber Security Insights Report, S-RM says companies without cyber protection face an “increased risk” from attacks.

At the same time, a survey of insurance buyers reveals that higher premiums are the leading factor for the increase in cyber incident costs among 37% of respondents. This was followed by operational downtime at 36%, and recovery and response costs for 32% of organisations.

S-RM says 30% of companies with revenues of between $500m and $1bn experienced a ransomware attack in 2023, while 40% of larger companies with revenues of between $10bn and $25bn incurred a cyber incident this year.

Jamie Smith, head of cybersecurity at S-RM, says larger firms carry more risk of attack, given greater volumes of data and broader operational footprints.

“It almost goes without saying that the larger the organisation, the bigger the target it has on its back. However, most of these sizeable companies will have much more expansive budgets that they could, and should, be putting towards cybersecurity. Paying a regulatory fine, facing increased premiums, or recovering from downtime all carry a far higher cost than ensuring you have adequate cyber budget allocated,” Smith says.

Paul Caron, head of cyber security in the Americas at S-RM, adds that cyber insurance has become essential: “For many companies and organisations, cyber insurance has far exceeded being just a ‘nice to have’, and our most recent data shows exactly why it is so essential to be properly insured against cyber incidents and data breaches. Premiums may be rising but without adequate insurance, the regulatory, reputational and downtime risks are far higher – businesses must take note.”

Back to top button