Damage to digital assets
In order to operate, businesses now have an incredibly high dependency on their systems, and criminals know that. By either damaging or threatening to damage a firm’s digital assets, attackers know that they can extort money from the victim who might prefer to pay a ransom rather than see the business grind to a halt. And even after paying up, the victim is often left with systems that are unusable and costly to fix.
In some cases, there may be no financial incentive for the attacker at all. In the same way that criminal damage to property doesn’t always have a financial incentive, damage to digital assets doesn’t need one either. Claims for theft of funds are actually very easy and quick to quantify, but for theft of data claims, the financial impact can vary depending on the nature of the data compromised and how much of it was stolen.
The costliest part of a cyber event is often responding to the incident. For example, if an attack has compromised a company’s computer network, then IT specialists are needed to stop the attack, protect against further immediate threats, and work out what has been stolen. There is then a financial cost associated with limiting reputational damage, notifying clients or customers whose data has been stolen, and offering them identity theft protection solutions if necessary.
Damage to digital assets claims can be easy to determine if there is an extortion demand that the victim has paid (the amount of the claim is the cost of the ransom), but the cost is more difficult to assess if we’re talking about the cost of IT specialists to rebuild systems or data – which might only be calculated after the work is completed.