article banner

Cyber attacks cost global business $300bn+

One in six businesses have experienced a cyber attack in the past year

New research from Grant Thornton reveals that cyber attacks are taking a serious toll on business, with the total cost of attacks globally estimated to be at least US$315bn* over the past 12 months. The Grant Thornton International Business Report (IBR), a global survey of 2,500 business leaders in 35 economies, reveals that more than one in six businesses surveyed faced a cyber attack in the past year. With high-profile security breaches and hacks becoming more prevalent, nearly half of firms are putting themselves in the firing line with no comprehensive strategy to prevent digital crime.

According to the IBR, 15% of businesses say they have faced a cyber attack in the past year. Businesses in the EU (19%) and North America (18%) have been most heavily targeted. However, no region has been immune. The Australian Cyber Security Centre recently raised concerns about the level of attacks there, while hacks into customer databases affected the Planned Parenthood Federation of America. Regionally, cyber attacks are estimated to have cost Asia Pacific businesses $81bn in the past 12 months, while firms in the EU ($62bn) and North America ($61bn) are also counting the significant cost of attacks.

Estimated loss of business revenue to cyber attacks


Further analysis of the results reveals that the average cyber attack costs businesses 1.2% of revenues. But despite the clear risk, only just over of half of firms surveyed (52%) said they currently have a cyber security strategy in place.

Paul Jacobs, Global Leader of Cyber Security at Grant Thornton, said:

“Cyber attacks are an increasingly significant danger for business. Not just cost in a financial sense, but serious reputational damage can be inflicted if attacks undermine customer confidence: just ask Ashley Madison. Despite this, nearly half of firms still lack a strategy to deal with the cyber threat.

“Businesses cannot afford to be behind the curve on this threat. Cyber attacks can strike without warning and sometimes without the victim being immediately aware. The pressure from customers and clients cannot be ignored. In this digital age, rigorous security and privacy is expected. If this cannot be guaranteed the ultimate risk is they will simply go elsewhere.”

Grant Thornton’s research reveals that the sector most concerned by the threat of a cyber attack is financial services (74% of business say it is a threat) – this is also the sector with the joint-highest recorded instances of cyber crime (26%). At the other end of the spectrum, only 10% of transport firms globally have reported a cyber attack in the past 12 months and just 27% perceive it as a threat.

Where businesses are implementing cybersecurity strategies, the number one driver cited is client/customer demand (44%). 42% of businesses have implemented a strategy because of an increased use of automation and other emerging technologies which could leave them exposed.

Paul Jacobs added:

“Many of the perpetrators of cyber attacks are sophisticated, heavily resourced criminal organisations. As the digitisation of business continues, it is vital that businesses take the cyber threat as seriously as the criminals attempting to attack them. Otherwise, cyber attacks will continue to escalate in frequency and scale."

“Vigilance alone won’t keep businesses safe. Proactive measures are needed. This is an issue which needs to be on the agenda in boardrooms as well as IT departments. Management teams need to be driving cyber strategies which boost awareness of the threat among all staff, and of the policies and procedures in place to deal with the threat. Just as critically, clients and customers also need reassurance that effective controls are in place.”

- ends - 

*Based on IBR estimates of total business revenues lost to cyber attacks.