Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Deloitte Identifies 14 Business Impacts of a Cyberattack

Published by Gbaf News

Posted on August 10, 2016

7 min read

Last updated: January 22, 2026

Add as preferred source on Google

Young stylish businessman analyzing cyberattack impacts for financial security - Global Banking & Finance Review — A young, stylish businessman reviews the financial impacts of cyberattacks, highlighting the importance of cybersecurity in business. This image reflects Deloitte's insights on mitigating risks from cyber incidents.

Deloitte: Current market valuation of cyber incident impact is grossly underestimated

While cybersecurity is one of the most prevalent issues of our time, the resulting impact of a cyber incident is still largely unproven. Recognizing the need of business leaders to have clarity around the enterprise-wide effect of such events, Deloitte the global leader in cyber risk advisory services, released: “Beneath the surface of a cyberattack: A deeper look at business impacts,” a risk-based report outlining the depth, and duration of cyber incidents in financial terms.

“Executives have difficulty gauging potential impact partly because they are not typically privy to what their peers struggle with as they work to get their businesses back on their feet. An accurate picture of cyberattack impact has been lacking, and therefore companies are not developing the cyber risk postures that they need,” said Fadi Mutlak, partner, Enterprise Risk Services, and cyber security leader at Deloitte in the Middle East.

“This report is an effort to help leaders broaden their thinking on the potential consequences of a cyber incident. This is particularly important in the Middle East, which we view as being on “High-Alert” given the additional dimensions of threat that include; geo-political instability, our perceived economic wealth making us a prime target for cyber criminals, and our above average malware infection rates. With a fuller picture of what may be at stake, they can better shape cyber risk programs to protect their organizations’ strategic interests, and ultimately improve the organization’s ability to thrive in the face of cyberattacks.”

The “Beneath the surface of a cyberattack” report was created by Deloitte’s Cyber Risk practice in tandem with the organization’s leading forensic and investigations, and business valuation services. Looking at two samples cyberattack scenarios, the report demonstrates a model to quantify potential damage, and identifies 14 business impacts of a cyber incident as they play out over a five-year incident response process. The scenarios illustrate some of the many ways a cyberattack can unfold and both clearly illustrate that the road to business recovery can be far more drawn out, more complex, and more costly than imagined.

14 business impacts of a cyber incident:

Above the surface: well-known cyber incident costs

Customer breach notifications
Post-breach customer protection
Regulatory compliance (fines)
Public relations/crisis communications
Attorney fees and litigation
Cybersecurity improvements
Technical investigations

Below the surface: hidden or less visible costs

Insurance premium increases
Increased cost to raise debt
Operational disruption or destruction
Lost value of customer relationships
Value of lost contract revenue
Devaluation of trade name
Loss of intellectual property (IP)

“Rarely brought into executive and board conversations around cyber risk are the costs and consequences of IP theft, cyber espionage, data destruction, or business disruption, which are much harder to quantify and can have a significant impact on an organization,” commented Mutlak. “Our intent is not to scare executives into thinking that all cyber incidents will be more costly than they think. It’s to give them a better understanding of their specific risks so they can make more informed decisions that are aligned with their business strategies.”

Deloitte’s study also reveals that:

The direct costs commonly associated with data breaches are far less significant than the “hidden” costs. In Deloitte’s scenarios, these account for less than five percent of the total business impact.
The time horizon over which impact is felt is far more protracted than is often anticipated. In Deloitte’s scenarios, costs incurred during the initial triage stage of incident response account for less than 10 percent of the rippling impacts extending over a five-year period.
Over 90 percent of cyberattack impact is likely to accrue in categories that are intangible. Given that these are less studied and more difficult to quantify, organizations can be caught especially unprepared for these “costs” in areas such as operational disruption, impact to trade name and loss of intellectual property.

“The ability to quantify intangible damages is especially important in anticipating business impact. In many cases, an approach based on tallying actual recovery costs that hit the balance sheet would paint a significantly distorted picture of the cost to business performance,” added Mutlak.

Deloitte: Current market valuation of cyber incident impact is grossly underestimated

While cybersecurity is one of the most prevalent issues of our time, the resulting impact of a cyber incident is still largely unproven. Recognizing the need of business leaders to have clarity around the enterprise-wide effect of such events, Deloitte the global leader in cyber risk advisory services, released: “Beneath the surface of a cyberattack: A deeper look at business impacts,” a risk-based report outlining the depth, and duration of cyber incidents in financial terms.

“Executives have difficulty gauging potential impact partly because they are not typically privy to what their peers struggle with as they work to get their businesses back on their feet. An accurate picture of cyberattack impact has been lacking, and therefore companies are not developing the cyber risk postures that they need,” said Fadi Mutlak, partner, Enterprise Risk Services, and cyber security leader at Deloitte in the Middle East.

“This report is an effort to help leaders broaden their thinking on the potential consequences of a cyber incident. This is particularly important in the Middle East, which we view as being on “High-Alert” given the additional dimensions of threat that include; geo-political instability, our perceived economic wealth making us a prime target for cyber criminals, and our above average malware infection rates. With a fuller picture of what may be at stake, they can better shape cyber risk programs to protect their organizations’ strategic interests, and ultimately improve the organization’s ability to thrive in the face of cyberattacks.”

The “Beneath the surface of a cyberattack” report was created by Deloitte’s Cyber Risk practice in tandem with the organization’s leading forensic and investigations, and business valuation services. Looking at two samples cyberattack scenarios, the report demonstrates a model to quantify potential damage, and identifies 14 business impacts of a cyber incident as they play out over a five-year incident response process. The scenarios illustrate some of the many ways a cyberattack can unfold and both clearly illustrate that the road to business recovery can be far more drawn out, more complex, and more costly than imagined.

14 business impacts of a cyber incident:

Above the surface: well-known cyber incident costs

Customer breach notifications
Post-breach customer protection
Regulatory compliance (fines)
Public relations/crisis communications
Attorney fees and litigation
Cybersecurity improvements
Technical investigations

Below the surface: hidden or less visible costs

Insurance premium increases
Increased cost to raise debt
Operational disruption or destruction
Lost value of customer relationships
Value of lost contract revenue
Devaluation of trade name
Loss of intellectual property (IP)

“Rarely brought into executive and board conversations around cyber risk are the costs and consequences of IP theft, cyber espionage, data destruction, or business disruption, which are much harder to quantify and can have a significant impact on an organization,” commented Mutlak. “Our intent is not to scare executives into thinking that all cyber incidents will be more costly than they think. It’s to give them a better understanding of their specific risks so they can make more informed decisions that are aligned with their business strategies.”

Deloitte’s study also reveals that:

The direct costs commonly associated with data breaches are far less significant than the “hidden” costs. In Deloitte’s scenarios, these account for less than five percent of the total business impact.
The time horizon over which impact is felt is far more protracted than is often anticipated. In Deloitte’s scenarios, costs incurred during the initial triage stage of incident response account for less than 10 percent of the rippling impacts extending over a five-year period.
Over 90 percent of cyberattack impact is likely to accrue in categories that are intangible. Given that these are less studied and more difficult to quantify, organizations can be caught especially unprepared for these “costs” in areas such as operational disruption, impact to trade name and loss of intellectual property.

“The ability to quantify intangible damages is especially important in anticipating business impact. In many cases, an approach based on tallying actual recovery costs that hit the balance sheet would paint a significantly distorted picture of the cost to business performance,” added Mutlak.