Yet because of these blooming developments, cyberattacks are booming too. According to a 2022 IBM report, data breach costs have broken records, now costing an average of $4.35 million per breach, compared to the $3.86 million IBM reported for 2020. These damages, moreover, are exceeded by the average cost of phishing, at $4.91 million per attack, and of ever-rising ransomware, at $4.54 million per attack (on top of the cost of ransomware itself). For the manufacturing industry, in particular, Rabobank found that in 2022, as many as one in five companies was likely to experience a cyberattack, compared to the one in 8,000 to experience a fire or the one in 250, a burglary. As a recent Forbes article noted, to Benjamin Franklin’s statement that nothing in life is certain except death and taxes, we must now add a third certainty: cyberthreats.
Hacking may once have been the relatively innocuous handiwork of bored nerds in basements, but today’s criminal digital adversaries are professionals. On the dark web, transnational cybercrime syndicates have their own HR departments, advertising jobs (vacation days included) and recruiting specialists. These individuals can infiltrate, conduct reconnaissance on, and negotiate ransom with victims, while an extensive network of affiliates undertakes the infection and encryption processes and a help desk coordinates the financial transactions. State actors have come to weaponize cyberattacks, adding fuel to already flagrant geopolitics. All threats concern technical disruptions that could jeopardize business continuity, but many will inevitably erode public reputation and consumer trust.
However, just because cybercrime has officially transitioned from the ranks of startup to scaleup, doesn’t mean organizations can stall their IT modernization journeys. They must not get caught in the brinkmanship between cyberthreats and security. Rather, they need fit-for-business security. In other words, cybersecurity is no longer the job of a single team or toolkit. It, too, has scaled up to become a full-time issue impacting and impacted by everyone in the organization.