Companies, organizations and public institutions are increasingly exposed to the risks of cyber attacks. These threats not only jeopardize the confidentiality of information, but also lead to significant business interruptions and cause considerable financial damage.
The damage is so high because IT now permeates the entire company and many areas are affected by a failure. If e-mail, telephone, office applications, logistics, production and sales systems are affected at the same time, business operations come to a standstill in many areas, usually for a long time. This means that the issue is not just a task for IT, but also for CEOs and directors.
It is very important to minimize the risks, but also to be prepared for the worst-case scenario, as there is no such thing as 100% security. These measures affect all areas of the company or organization and generate effort and costs. To help CEOs and CFOs better recognize their necessity, the costs of cyberattacks are compiled here in relation to the expenses. And: every company gets hacked at some point ...
Year | Industry | HQ | Revenue | Employees | Type
2024 | County administration | USA | - | - | Cyberattack
Ransom payments: $ 350,000
Sources: Washington County pays $350,000 ransom after cyberattack
2023 | Hospital IT | Canada | - | - | Cyberattack
Remarkable impacts: Some nurses could not read cursive writing. With the loss of IT, work was organized with pen and paper. However, it turned out that some younger nurses were unable to read cursive writing because it was only an optional part of lessons at school.
Sources: Cursive confusion: The unforeseen side effect of a hospital cyberattack
2023 | Hospital | Germany | - | - | Cyberattack
Incident review: Podcast: Uniklinik sucht Hackerbombe
2023 | Chemistry, household goods | USA | $ 7.1 b | 8,700 | Cyberattack
Date: August 2023
Completed / attempted: completed
Emergency mode: Manual ordering and processing procedures at a reduced rate of operations
Forensic investigation: Supported by external experts
Impact on business operations: Extensive interruptions to business operations
Delays in order processing and significant product outages
Costs: $ 49 m by the end of 2023, further costs expected
Sources: Form 10-Q Quarterly report
2023 | County administration | USA | - | - | Fraud
Use of a false identity with a similar e-mail address; change of account details; transfer of $1.16 million to the fraudsters' account; $612,000 recovered.
Lost through fraud: $ 551,000
Sources: Scammers get $1.1 million from St. Johns County
2023 | Leasing company | Germany | € 33.26 b | 2,845 | Cyberattack
Costs: Mid single-digit million Euro amount for recovery and consultants
Lost revenues: Approx. € 200 m
Sources: Sparkassen-Tochter Deutsche Leasing hält Neugeschäft stabil trotz Hacker-Angriff
2023 | Church association | USA | - | - | Fraud
Fraudulent emails, money transfer
Lost through fraud: $ 700,000
Sources: UPDATE: Convention Leadership Statement Regarding Financial Fraud
2023 | Biotech | Germany | € 751 m | 4,482 | Cyberattack
Date: April 2023
Immediate actions: Systems connected to the outside world were switched off
Impact on business operations: Interruptions in many IT systems in several countries
Temporary interruption of research and production activities
Productivity impaired in Q2 and Q3
Other impacts: Exclusion from share indices because annual report could not be published on time
Recovery costs: € 43.9 m after 5 months (EUR 11.9 million external consultants, legal advisors, EUR 32.0 million internal expenses)
Sources: Zwischenmitteilung für die ersten neun Monate 2023
2023 | Outsourcing | UK | £ 2.642 bn | 50,000 | Cyberattack
Costs: £ 25.3 m
Sources: Full Year Results 2023
2023 | Media | Switzerland | - | - | Cyberattack
Incident review: Kriminelle Hacker greifen die NZZ an und erpressen sie. Das Protokoll einer Krise
Podcast: Wie die NZZ gegen die Cybermafia kämpfte
2022 | City government | Germany | - | 2,400 | Cyberattack
Following an alert of an imminent attack on the city administration's IT systems, the systems were taken offline and examined. No data theft was detected.
Date: December 2022
Completed / attempted: attempted
Immediate actions: Disconnection from the Internet after notification of imminent attack
Forensic investigation: Review of IT infrastructure by external experts by mid-January, no evidence of attack or data leakage
Impact on business operations: No Internet, no e-mail
Business applications not available
No online appointment bookings
Also affected: Public utilities, housing association, clinic also temporarily disconnected from the Internet
Duration of the impact: After 2.5 months, the systems were fully restored at the end of March 2023
Recovery costs: € 1.8 m after 8 months
Sources: IT-Systeme der Landeshauptstadt wieder vollständig online
Angedrohter Cyberangriff auf Potsdamer Rathaus kostet die Stadt Millionen
2022 | School district | USA | - | 21,000 students | Cyberattack
Ransom payments: $ 250,000
Recovery costs: $ 442,000
Sources: Little Rock School District tallies cyberattack’s cost
Ransom for data approved by Little Rock School Board
2022 | University of Applied Sciences | Germany | - | 1,300 + 15,000 students | Cyberattack
Incident review: Cybervorfall an der FH Münster im Juni 2022 - Vortrag Prof. Dr. Sebastian Schinzel
2022 | City government | USA | - | - | Cyberattack
Fraudsters hijacked a city email account and used it to divert a payment of $1.47 million intended for a housing project. The incident was noticed when another payment was to be diverted a short time later.
Lost through fraud: $ 1.47 m
Sources: City of Portland identifies fraudulent financial transaction, launches cybersecurity investigation
City of Portland continues cybersecurity investigation, pays affordable housing provider for stolen $1.47 million
2022 | Logistics | USA | $ 17.1 b | 20,000 | Cyberattack
Recovery costs: $ 18 m (primarily consulting)
Other costs: $ 47 m additional demurrage in ports
Lost revenues: Cannot be quantified
Sources: Annual report 2022
2021 | Media | USA | $ 6.134 b | 11,500 | Cyberattack
Ransomware in October 2021; the company estimates that it will have a loss of at least $11 million after insurance proceeds.
Recovery costs: $ 11 m
Lost revenues: $ 63 m lost advertising
Sources: Form 10-K (Annual report)
2021 | County administration | Germany | - | - | Cyberattack
Costs: € 2.5 m
Sources: Ransomware kostete Anhalt-Bitterfeld rund 2,5 Millionen Euro
2021 | Packaging | USA | $ 18.7 b | 49,900 | Ransomware
Recovery costs: $ 29 m (primarily professional fees)
Lost revenues: $ 50 m
Insurance benefits: $ 67.2 m
Sources: Form 10-K
2020 | Local government | UK | - | 4,500 | Cyberattack
Recovery costs: $ 15 m
Sources: The Untold Story of a Crippling Ransomware Attack
Cyber attack recovery effort cost Hackney Council over £12m last year
2019 | University | Germany | - | 5,500 + 28,000 students | Cyberattack
In December 2019, Justus Liebig University in Giessen was hit by a cyber attack. The university managed to get important systems back up and running in a relatively short time. Excellent external communication was maintained during the downtime. In addition, the events were thoroughly documented.
Date: December 8, 2019
Type of attack: Ransomware
Completed / attempted: completed
Perpetrators: Ryuk
Immediate actions: Disconnecting from the Internet, shutting down servers and storage systems
Crisis Management: Establishment of a crisis team
Situation meetings with the management level
Crisis Communication: Temporary homepage
Social Media, YouTube
Authorities, third-party funders by letter
Establishment of internal crisis hotlines
Internal information sessions
Internal circular mails
Press conferences
Emergency mode: Provisional e-mail addresses for important contacts
Replacement mail system
Temporary operation of computers without a network connection
Forensic investigation: With external consultants
Affected IT infrastructure: Exchange mail system
Server infrastructure for desktop virtualization
Part of the network drives
300 client systems
Windows domain
Around 130 Windows-based, mostly virtualized server systems
Impact on business operations: No Internet, e-mail, internal networks
Duration of the impact: Important systems were put back into operation by January.
However, the effects were felt well into 2020
Recovery: Rebuilding the Windows domain
Scan of 6,000 Windows-based end devices for malware
Importing data backups
Resetting the passwords of 38,000 user accounts. Reassignment primarily via personal collection, in exceptional cases via Video-Ident.
Ransom demands: No claims made
Recovery costs: € 1.7 million directly attributable to damage management
Incident review: #JLUoffline. Der Cyber-Angriff auf die Justus-Liebig-Universität Gießen im Dezember 2019 (License: CC BY 4.0)
Important insights: Especially in the initial phase, it was not possible to separate internal and external communication
Consistent maintenance of an FAQ on the homepage prevented the spread of false information
Responding to the numerous inquiries on social media was time-consuming, but necessary.
Scan of an end device very time-consuming (several hours)
External help was needed because the internal personnel resources of the university computer center were not nearly sufficient
2019 | Clothing | Denmark | - | - | Fraud
Business Email Compromise, false identities, money transfer to wrong account
Lost through fraud: $ 1 m
Sources: Dansk regntøjs-gigant mister syv millioner ved stort hackerangreb
2019 | Hearing aids | Denmark | $ 2.2 b | 20,500 | Cyberattack
Costs: $ 11.3 m
Lost revenues: $ 86.3 m
Effects on EBIT: $ 82 m less in 2019
$ 15.0 - 22.5 m less in 2020
Sources: Årsrapport 2019
2016 | Hospital | Germany | - | 1,400 | Cyberattack
Recovery costs: € 900,000 Consulting costs for IT security experts
Incident review: So verlief die Ransomware-Attacke im Lukaskrankenhaus
900.000 Euro Gesamtschaden durch Cyberattacke
Author:
Bert Kondruss
Founder and managing director of KonBriefing Research

About KonBriefing Research

KonBriefing is an independent researcher and analyst in the field of IT security, information security, risk management and compliance. The company was founded in 2019 and is based in Germany.