Security Culture

The ideas, customs, and social behavior of a particular people or society
that allows them to be free from danger or threats.

What is the cost of being victim of a cyber attack?

Daniel Andersson

Information Security Advisor and Consultant at CAPSAB
Daniel is a senior security manager in the banking and card industry; he has worked with PCI DSS since 2005. Daniel has a broad experience regarding implementation of PCI DSS.

Daniel also has an IT engineering background working with a broad selection of platforms and communication equipment.

Daniel is ISACA Certified Information Security Manager (CISM) and PCI Professional (PCIP) and certified Security Culture Practitioner.

During the past years GDPR has set the tone for what the cost may be for security incidents, however there are more to it than only fines, today news came that Norsk Hydro had suffer from a cyber attack which brings down the automation in many of their factories, the direct result of this has been a 2,99% loss in the stock-price when writing this post. In USD this is equal to a loss of company value of 259,171,544 USD.

Above is the initial reaction, which can if Norsk Hydro is able to restore from the cyber attack quickly be recovered but could also become even more if the automation production is at a halt for a longer time.

In above the direct costs for labor to restore the IT environment is not accounted for also no cost for fines if there are any GDPR breaches or other claims from partners/customers that may have suffered from direct or indirect losses due to the cyber attack.

Using only 0,1% of the 259,171,544 USD on a security program would give a huge boost in the security for any company, this would allow the company to run a company-wide security culture program to enhance the security culture.

A security culture program would enhance the probability to avoid a cyber attack due to the increased focus on security and a change of the mindset of the employees. Employees would with the new mindset be able to optimize current and new security tools to protect the company against security breaches.