How did they arrive at £200 billion?
Given the size of the number, we asked Grant Thornton how they calculated it. They told us that the figure came from the latest Grant Thornton International Business Research report and said the methodology was:
We asked 2,500+ business leaders in 35 economies about the impact of cyber attacks on their operations through the International Business Report (a Grant Thornton International Ltd property). We asked businesses the following questions through the IBR:
- Has your business faced a cyber attack over the past 12 months? [Yes, No]
- What impact did this attack have in terms of revenue loss? [None, 1-2%, 3-5%, 6-10%, 11-25%; 25%+]
- We then calculated the total percentage revenue loss by taking the mid-points from each response group [0%; 1.5%; 4%; 8%; 18%; 25%]
- We then multiplied this by global business revenues which are calculated as double global economic output (the multiplier of 2 was verified by Oxford Economics)
- Where at least 50 businesses had suffered a cyber attack (APAC, EU, North America), we calculated regional figures available based on share of global economic output.
The impact on businesses
The Grant Thornton press release looked at the data across three regions – Asian Pacific, EU and North America. The figures that it has produced are pretty shocking:
- 15% of businesses globally have faced a cyber attack
- The EU (19%) and the North America (18%) have been the hardest hit
- Asia Pacific businesses have lost $81 billion in the last 12 months
- EU business have lost $62 billion in the last 12 months
- US businesses have lost $61 billion in the last 12 months
Grant Thornton go on to say that the average ‘successful’ cyber attack costs businesses 1.2% of revenues. In some markets, where markets are thin, this not only risks the survival of the business but also means that the cost of attacks is being passed on to the customer.
According to Manu Sharma, head of cyber security and resilience at Grant Thornton UK LLP, said: “Cyber attacks are an increasingly significant danger for business. Not just the costs in terms of financial penalties, but serious reputational damage and loss of customers and business can be inflicted if attacks undermine customer confidence. Despite this, some firms still lack a strategy to deal with cyber threat or even understand the risks to their organisation.
“Businesses cannot afford to be behind the curve on this threat. Cyber attacks can strike without warning and sometimes without the victim being immediately aware. The pressure from customers and clients cannot be ignored. In this digital age, rigorous security and privacy is expected. If this cannot be guaranteed the ultimate risk is they will simply go elsewhere.”
(Next:Who is most likely to be attacked)