How Cybercrime Affects the Prices We Pay for Goods and Services
Before the digital age, pricing used to be much simpler. Total operating costs (OPEX) would include salaries, rent, utilities, marketing, and a few other fees, as well as taxes.
However, since the expansion of the online world, cybercrime has exploded. Cybercrime generates enough turnover to count as the world's third-largest economy. The annual cost of global cybercrime is expected to reach an almost inconceivable $10 trillion by 2025. Here at home, over 50% of UK businesses have identified breaches or attacks in 2023/4. Almost two-thirds of the victims were small businesses. Including attacks that have so far escaped notice, the actual figures may be far higher.
The losses have to be recouped from somewhere. As a result, businesses have had to add a new item to their OPEX budgets: the cost of cybercrime. They face a false choice of either spending a fair amount on preventing cyber attacks or, almost inevitably, paying the higher cost of cleaning up the mess when cybercrime hits.
The Impact of Cyber Harm in the UK
The internet is heaving with secret but constantly present cyber battles. Every business sector is a target for phishing, malware, and ransomware attacks. Some industries encounter denial-of-service (DoS or DDoS) attacks that can disrupt operations and lead to data leaks.
Professionals have to fend off cyber espionage and intellectual property theft. The retail sector has to defend against point-of-sale (POS) malware. The industrial and infrastructure sectors must counter industrial control systems (ICS) attacks. Incidents can halt production and cause a ripple effect of delays, shortages and price fluctuations all the way down the supply chain.
When retailers and distributors have to pay more to stock their shelves or deliver services, someone must pay for the losses. Suppliers have to raise prices to pass on the cost of their cybersecurity battles.
The Direct Costs of a Cyberattack
If a business doesn't have a cybersecurity plan, an attack can hit it with a frightening price tag:
- Incident Recovery: This includes hiring cybersecurity experts to clean up systems and strengthen defences. You may have to upgrade or even replace hardware and add software. Afterwards, you'll have to provide cybersecurity training for your staff.
- Ransom Payments: In the UK, Russian attackers wanted a £65 million ransom from the Royal Mail. The incident recovery cost £10 million.
- PR/Crisis Management: Extra marketing and PR costs. You may need specialists to manage a data breach disclosure in a way that protects your company's reputation.
- Operational Disruption: Downtime means a loss of productivity.
- Legal and Regulatory Penalties: In the UK, fines for data breaches can reach up to £17.5M or 4% of global turnover.
- Legal Challenges and Compensation: Customers may sue you for risking their data.
- Stolen Intellectual Property: This includes the loss of proprietary designs or technologies.
And then there's the indirect, long-term cost of a damaged brand. If customers stop trusting you, it could cause a long-term loss of brand loyalty, plummeting sales, or a drop in your company's market value.
Invest a Little, Save a Lot
The cost of preventing cyber attacks and incidents can be high, but it is a necessary business expenditure. Companies dare not underspend or leave it all to chance. They have to invest in a cybersecurity strategy. It gets added to the cost of doing business, and consumers will have to pay the price.
Paradoxically, the fear of cybercrime can drive businesses to spend more on cybersecurity, which could also contribute to increased prices.
Either way, cybercrime is going to cost you money.
Basic Cybersecurity Tools for Every Business
Basic cyber hygiene always costs far less than dealing with the aftereffects of a cyber attack.
1. A firewall provides a first line of defence against attacks.
2. Antivirus and anti-malware software protects against known malware and viruses.
3. Virtual private networks (VPNs): There's little point in using secure data storage or end-to-end encrypted platforms if your employees use unsafe WiFi or home networks to access your secure tools. VPNs create an encrypted internet connection, protecting the data transmitted between devices. This prevents cyber criminals from intercepting sensitive information in transactions, for example to steal employees' logins. A VPN service will add protection when your employees use your data storage and communication platforms online.
4. Cybersecurity awareness training will help your staff identify phishing emails and other threats and reduce the human error factor.
5. Multi-factor authentication (MFA) requires users to provide a second form of authentication (like a fingerprint or a one-time PIN) before logging in to user accounts.
6. Phishing and email security tools such as spam filters, link protection, and email encryption tools can reduce the number of threats from spam and malicious emails.
Additional steps to consider include:
- Endpoint Detection and Response (EDR) tools monitor endpoints (phones and laptops) in real time to detect vulnerabilities, exploits, and other threats.
- Intrusion Detection and Prevention System (IDPS) tools monitor network traffic for suspicious activities.
- Security Information and Event Management (SIEM) and Data Loss Prevention (DLP) tools can detect and block potential breaches.
Start With the Basics
Large or small, every business should have an overall cybersecurity plan. A small investment can prevent expensive breaches and is easier to budget for. A modest regular expense will help businesses to keep their prices competitive. Smaller companies can start with the basics, such as VPNs and antivirus software, and then concentrate on growing a company culture of cyber awareness. Since human error plays an outsized role in cyberattacks, increased awareness will go some way toward compensating for the lack of sophisticated software.