Do cyber attacks cause real damage or not?
According to Bloomberg:
"The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen."
Are these companies telling the truth? These reports are based on recent filings with the Securities and Exchange Commission (SEC) so one would imagine they should be fairly honest.
According to the BBC:
"In 2012, the head of MI5 Jonathan Evans said the scale of attacks was "astonishing".
One major London listed company had incurred revenue losses of £800m as a result of cyber attack from a hostile state because of commercial disadvantage in contractual negotiations."
If it's a listed company, would they not have to reveal the loss in their annual report? Does anybody know who this company is?
If you are interested, it's worth reading the paper "Measuring the Cost of Cybercrime" by Ross Anderson and associates.
- BBC: Anti-cyber threat centre launched
- Bloomberg: Cyberattacks Abound Yet Companies Tell SEC Losses Are Few
- Measuring the cost of CyberCrime (PDF)