The Cost of a Security Breach (Government)

Disclaimer:  I work for Dell Technology Services as a Workforce Transformation Solutions Principal.    It is my passion to help guide organizations through the current technology transition specifically as it relates to Workforce Transformation.  Visit Dell Technologies site for more information.  Opinions are my own and not the views of my employer.

Note: Some of the research on this page has been done using Microsoft Copilot and Claude

Cybersecurity breaches in government cities are a critical concern, and they can have significant consequences.

See also a searchable list of reported cybersecurity Breaches

A cyber incident will directly consume a company’s resources, leading to an increased cost of doing business. In 2022, the global average cost of a data breach reached $4.35 million, while the number is more than double in the U.S., averaging $9.44 million. These expenses can include everything from ransom payments and lost revenues to business downtime, remediation, legal fees, and audit fees. For example, the audit fees for companies following data breaches can be about 13.5% higher than those for firms without breaches. While millions of dollars in losses can bankrupt a small company but not have much of an effect on a public company, the attackers are generally “smart” enough to cause more problems for the bigger companies. For example, ransomware attacks had a much bigger financial impact on the health care sector, with over $7.8 billion lost due to downtime alone in 2021.

Calculating the cost of a cybersecurity breach involves several factors. Let’s explore them:

  1. Nature of the Breach: The type of data breach directly correlates with the ensuing costs. For instance, a breach involving sensitive customer information might have more significant financial implications than a less critical incident.
  2. Reputational Damage: The impact on an organization’s reputation can be a formidable cost driver. Data breaches can erode trust and confidence among customers, partners, and stakeholders, leading to long-term financial consequences.
  3. Business Downtime: Severe business downtime following a breach can have cascading financial effects. Disruptions in operations, loss of productivity, and missed revenue opportunities contribute to the overall cost.
  4. Regulation and Litigation: Compliance with data protection regulations and legal obligations can result in substantial expenses. Organizations may face fines, legal fees, and settlements due to non-compliance or negligence.
  5. Cyber Insurance Challenges: While cyber insurance can mitigate some costs, policy terms, deductibles, and coverage limitations impact the overall financial burden.
  6. Ransom Payments: In cases of ransomware attacks, paying the ransom (if chosen) adds to the breach cost. Balancing the decision between paying or not paying can be complex.

Additionally, specific cost components include:

  • Direct Costs: These are expenses related to dealing with a detected breach. They include forensic activities, information security investigations, fines, and compensating affected parties.
  • Indirect Costs: These are connected to the time, effort, and other resources necessary to cover losses resulting from the breach. Examples include reputational damage, lost business opportunities, and recovery efforts.

To fully understand the impact of data breaches and create models for predicting future expenses, organizations must consider both direct and indirect costs

Here are several examples of recent local government cybersecurity breaches, along with some relevant information:

Atlanta, GeorgiaRansomware attack$15 millionIn 2018, Atlanta faced a costly ransomware attack that significantly impacted city services.

Atlanta, Georgia (2018): A ransomware attack cost the city $15 million.
Baltimore, MarylandRansomware attack$18 millionBaltimore also fell victim to a ransomware attack, resulting in substantial financial losses.
Baltimore, Maryland (2019): Another ransomware attack resulted in an $18 million expense for the city.
City of Dallas, TXRansomware Attack$8.5 MillionCity of Dallas Details Ransomware Attack Impact, Costs  – SecurityWeek
San Bernandino County, CARansomware attack$2MSan Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff’s Department systems
Greenville, NCCyber incidentsN/AGreenville reported cybersecurity incidents in both 2019 and 2020.
Greenville, North Carolina: Reported cyberattacks in 2019 and 2020
Torrance, CACyberattacksN/ATorrance, California, experienced cyberattacks during the same period.
Torrance, California: Also reported cyberattacks during the same period
New Orleans, LACyber incidentsN/ANew Orleans faced various cyber incidents.
New Orleans, Louisiana: Experienced cyber incidents
Texas (22 cities)Targeted by attacksN/AMultiple local government organizations in Texas were targeted.
Texas (22 cities): Various local government organizations in Texas were targeted
Miller County, ARCompromised mainframeN/AA compromised government mainframe led to malware spreading across the state.
Miller County, Arkansas: A compromised government mainframe led to malware spreading across the state
Fresno, CAPhishing scam$400,000Fresno lost over $400,000 due to a successful phishing scam.
Fresno, California: Lost over $400,000 due to a phishing scam
California DMVData BreachN/AData Breach Feb 2021
Various US citiesRansomware attacksN/AIn 2021-2022, 106 local governments faced ransomware attacks.
Various US cities (2021-2022): 106 local governments faced ransomware attacks
Public safety call centersTargetedN/AOver the last two years, 180 public safety call centers were targeted.
180 public safety call centers: Targeted in the last two years.
Federal, state, and local governmentsRansomware attacksN/AVarious government entities were hit by ransomware attacks in 2020.

Federal, state, and local governments (2020): Hit by ransomware attacks.
U.S. government organizationsRansomware attacks$18.88 billionComparitech research estimated significant costs due to ransomware attacks in 2020.
79 ransomware attacks against U.S. government organizations in 2020, costing an estimated $18.88 billion in downtime and recovery.

These examples highlight the urgent need for robust cybersecurity measures in local government entities.

Stay vigilant!


Similar Posts