What threats does the dark web present to businesses?
The sale of ransomware and malware
In the latest IBM report, the global average cost of a data breach in 2024 is approximately $4.88 million1. This represents a significant increase from previous years, highlighting the growing financial impact of data breaches on organisations worldwide.
These attacks occur when malware, inadvertently downloaded onto a computer encrypts the victim’s files, and attackers then demand payment for restoring access. You can discover what these and other cybersecurity terms mean in our cyber glossary. Ransomware attacks can be devastating for businesses. For instance, in January 2023, the LockBit ransomware group attacked Royal Mail, paralysing international mail delivery and crippling several services, having to spend £10 million on the recovery and remediation2.
Ransomware packages sold on the dark web, including custom-built models and ransomware-as-a-service subscription packages, allow non-technical criminals to launch attacks on businesses.
The sale of business data
If your business is hacked and your data stolen, it may end up for sale on the dark web. Hackers also sell access to breached company databases, which can include anything from financial information to employees’ personal details.
Data breaches can be damaging both reputationally and financially for companies. For instance, in 2023, the pharmaceutical giant Cencora experienced a data breach that compromised the personal and protected health information of over a million clients3.
In the same year, the MOVEit cyber-attack campaign targeted numerous organisations, including Maximus, a U.S. government services contractor. Hackers accessed the protected health information, including Social Security numbers, of approximately 11 million individuals4.
Understand the financial implications of a cyber incident on your business
Understanding the financial effects of a cyber incident on your business is crucial for risk management and resilience strategy. Direct costs typically include immediate expenditures such as system repairs, data retrieval, and security enhancements. Indirect costs can be subtler and more enduring. Operational impacts might involve considerable downtime, disrupting services and transactions, which lead to immediate revenue loss and potentially loss of opportunities as customers turn to your competitors.
Regulatory impacts are equally pressing, as breaches may result in non-compliance with data protection regulations that could lead to fines. A cyber incident can also significantly damage customer trust, crucial to your reputation. This loss of trust can lead to a drop in customer loyalty and retention, further affecting profits.
These breaches can often result in contractual penalties if service level agreements aren’t met, increasing financial pressure. The effect of these elements combined could lead to a fall in your credit rating and an increase in cyber insurance premiums, making it both difficult and costly to secure future coverage.
So, the financial implications of a cyber incident go well beyond the initial event, affecting your operational capacity, regulatory position, market opportunities, customer relations, and financial stability.
