Skip to Content

The business impact of cyber incidents

Entire communities can feel the effects — and bear the costs — when cybercriminals breach a single organization. Here’s what each of us can do about it.

As our world becomes increasingly digitized and connected, cybercrime has emerged as one of our society’s most serious threats. Criminals continue to refine methods of infiltrating digital networks and deceiving employees at organizations, which can result in businesses being unable to operate, data being stolen and consumers losing services.

Increasingly, the criminals are targeting essential industries and service providers, such as hospitals, energy delivery companies, food suppliers and software companies. The cost to these organizations is immense: The average total cost to an organization of a data breach between March 2023 and February 2024 was $4.88 million — a 10% increase since the same period in 2022-2023.1

But this estimate does not fully account for costs to consumers, who may experience higher prices, hardship due to loss of essential services and an overall feeling of mistrust when organizations they depend on experience a breach.

It can be difficult to understand the seriousness of cybercrime unless we are directly affected by it. Yet it is important to recognize that as our economy becomes increasingly globalized and interconnected, no one is immune from the impacts of cyber insecurity.

CYBERCRIME: Potential fallout in six industries

Here are some ways you or your community might experience the effects of a cyber incident that targets an organization you depend on for goods, services or safekeeping of your personal information:

Healthcare

Essential services can be disrupted, and highly sensitive personally identifiable information (PII) can be stolen.

Energy sector companies

Electricity and water availability or quality can be compromised, leading to service disruptions.

Software providers

Compromised business software can result in denial of service or inoperable networks for downstream users.

Food production

Breaches can lead to production delays that result in higher prices and food shortages.

Public sector

Cities experiencing cyber incidents may become unable to make payroll, and their essential services could be suspended.

Education

Students may be unable to attend digital classes, and their personally identifiable information can be compromised.

Furthermore, every citizen has a stake in supporting a culture of cyber awareness and defense that extends to private businesses, the public sector and our personal lives. The better the threat is understood, the more resources we have to defend against it.

Consumers and citizens often experience residual effects of cybercrime, even if they are far downstream from the initial breach or incident.

All industries, companies and communities are at risk for cybercrime

Cyber incidents involving large companies make headlines for good reasons: These breaches often involve the compromise of millions of customer account details or a demand for millions of dollars in ransom. But criminals are opportunistic and willing to exploit any weakness in any organization’s digital defenses if there is a potential for profit, even (and in some cases especially) when public safety will be compromised. For example, when hospitals are suddenly unable to access their servers, patient records or connected devices, patient health and privacy are at risk.

Cybercrimes that focus on supply chains can create effects that trickle downstream and are experienced by consumers, such as goods shortages, higher prices or interrupted services. In some cases, affected consumers and businesses may be in completely different countries. During an incident where software used by many businesses is compromised, service interruptions can happen in multiple locations.

Public trust is also at risk

If essential organizations and service providers experience cybercrime, consumers and constituents may experience doubt about those organizations’ security, and they may even become concerned for their own personal safety. The reputational damage that can accompany a serious breach can be severely damaging to almost any institution.

Yet it is important to remember that even the most robust security defenses and most diligent organizations are not immune to cybercrime. Trust is a function of a commitment to cybersecurity, which includes a high level of transparency, effective communication and rapid remediation after an incident occurs.

As a private citizen, you can demand accountability and responsiveness from institutions and businesses, before and after a cyber incident occurs.

How you can contribute to your community’s cybersecurity

Consumers and citizens can have an indirect impact on cybersecurity by prioritizing it. By learning about cyber best practices, we can be more proactive in making sure the organizations where we work, shop and turn to for the delivery of essentials are invested in their own security — and ours.

You can help build a culture of cybersecurity in several ways:

 

  • Support businesses and organizations that show accountability and dedicate resources to their cybersecurity practices.
  • Learn about the cybersecurity protocols of any organization where you work, volunteer or regularly attend events.
  • Follow good cyber hygiene protocols while using your personal online accounts, including social media.
  • Share good cyber practices with your family and friends.

Turning cybersecurity into a society-wide objective requires proactive buy-in from individual citizens, business and community leaders, educational institutions and security professionals. Keeping our core institutions and essential businesses safe is an ongoing challenge, but the more you know about digital security and how to respond to cyber incidents, the better prepared your community becomes.

Stay connected, stay protected

To help keep your Bank of America account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we'll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.

 

Related Insights

TOP