The Cost of a Security Breach (Government)
Note: Some of the research on this page has been done using Microsoft Copilot and Claude
Cybersecurity breaches in government cities are a critical concern, and they can have significant consequences.
See also a searchable list of reported cybersecurity Breaches
A cyber incident will directly consume a company’s resources, leading to an increased cost of doing business. In 2022, the global average cost of a data breach reached $4.35 million, while the number is more than double in the U.S., averaging $9.44 million. These expenses can include everything from ransom payments and lost revenues to business downtime, remediation, legal fees, and audit fees. For example, the audit fees for companies following data breaches can be about 13.5% higher than those for firms without breaches. While millions of dollars in losses can bankrupt a small company but not have much of an effect on a public company, the attackers are generally “smart” enough to cause more problems for the bigger companies. For example, ransomware attacks had a much bigger financial impact on the health care sector, with over $7.8 billion lost due to downtime alone in 2021.
Calculating the cost of a cybersecurity breach involves several factors. Let’s explore them:
- Nature of the Breach: The type of data breach directly correlates with the ensuing costs. For instance, a breach involving sensitive customer information might have more significant financial implications than a less critical incident.
- Reputational Damage: The impact on an organization’s reputation can be a formidable cost driver. Data breaches can erode trust and confidence among customers, partners, and stakeholders, leading to long-term financial consequences.
- Business Downtime: Severe business downtime following a breach can have cascading financial effects. Disruptions in operations, loss of productivity, and missed revenue opportunities contribute to the overall cost.
- Regulation and Litigation: Compliance with data protection regulations and legal obligations can result in substantial expenses. Organizations may face fines, legal fees, and settlements due to non-compliance or negligence.
- Cyber Insurance Challenges: While cyber insurance can mitigate some costs, policy terms, deductibles, and coverage limitations impact the overall financial burden.
- Ransom Payments: In cases of ransomware attacks, paying the ransom (if chosen) adds to the breach cost. Balancing the decision between paying or not paying can be complex.
Additionally, specific cost components include:
- Direct Costs: These are expenses related to dealing with a detected breach. They include forensic activities, information security investigations, fines, and compensating affected parties.
- Indirect Costs: These are connected to the time, effort, and other resources necessary to cover losses resulting from the breach. Examples include reputational damage, lost business opportunities, and recovery efforts.
To fully understand the impact of data breaches and create models for predicting future expenses, organizations must consider both direct and indirect costs
Here are several examples of recent local government cybersecurity breaches, along with some relevant information:
| City | Impact | Cost | Details |
|---|---|---|---|
| Atlanta, Georgia | Ransomware attack | $15 million | In 2018, Atlanta faced a costly ransomware attack that significantly impacted city services. Atlanta, Georgia (2018): A ransomware attack cost the city $15 million. |
| Baltimore, Maryland | Ransomware attack | $18 million | Baltimore also fell victim to a ransomware attack, resulting in substantial financial losses. Baltimore, Maryland (2019): Another ransomware attack resulted in an $18 million expense for the city. |
| City of Dallas, TX | Ransomware Attack | $8.5 Million | City of Dallas Details Ransomware Attack Impact, Costs – SecurityWeek |
| San Bernandino County, CA | Ransomware attack | $2M | San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff’s Department systems |
| Greenville, NC | Cyber incidents | N/A | Greenville reported cybersecurity incidents in both 2019 and 2020. Greenville, North Carolina: Reported cyberattacks in 2019 and 2020 |
| Torrance, CA | Cyberattacks | N/A | Torrance, California, experienced cyberattacks during the same period. Torrance, California: Also reported cyberattacks during the same period |
| New Orleans, LA | Cyber incidents | N/A | New Orleans faced various cyber incidents. New Orleans, Louisiana: Experienced cyber incidents |
| Texas (22 cities) | Targeted by attacks | N/A | Multiple local government organizations in Texas were targeted. Texas (22 cities): Various local government organizations in Texas were targeted |
| Miller County, AR | Compromised mainframe | N/A | A compromised government mainframe led to malware spreading across the state. Miller County, Arkansas: A compromised government mainframe led to malware spreading across the state |
| Fresno, CA | Phishing scam | $400,000 | Fresno lost over $400,000 due to a successful phishing scam. Fresno, California: Lost over $400,000 due to a phishing scam |
| California DMV | Data Breach | N/A | Data Breach Feb 2021 |
| Various US cities | Ransomware attacks | N/A | In 2021-2022, 106 local governments faced ransomware attacks. Various US cities (2021-2022): 106 local governments faced ransomware attacks |
| Public safety call centers | Targeted | N/A | Over the last two years, 180 public safety call centers were targeted. 180 public safety call centers: Targeted in the last two years. |
| Federal, state, and local governments | Ransomware attacks | N/A | Various government entities were hit by ransomware attacks in 2020. Federal, state, and local governments (2020): Hit by ransomware attacks. |
| U.S. government organizations | Ransomware attacks | $18.88 billion | Comparitech research estimated significant costs due to ransomware attacks in 2020. 79 ransomware attacks against U.S. government organizations in 2020, costing an estimated $18.88 billion in downtime and recovery. |
These examples highlight the urgent need for robust cybersecurity measures in local government entities.
- The True Cost of a Data Breach (isaca.org)
- Understanding the Cost and Impact of Data Breaches
- Cost of a data breach 2023 | IBM
- Cost of a data breach in the U.S. 2023 | Statista
- The Cost of a Data Breach for Government Agencies (securityintelligence.com)
- A Look at Local Government Cybersecurity in 2020
- Government Data Breach Prevention 2023
- The Physical Impact of Cyberattacks on Cities
- Our cities are under cyberattack. Here’s why – and what to do about it
- State and local governments will be prime cyber targets in 2022
- Cyber Attacks list:
Stay vigilant!
