Cyber Security Breaches Survey 2023
The definitions below refer to how we determine whether the cyber breach you experienced was a criminal incident or not. It would be beneficial if you had these definitions open in front of you when asked questions that explore the breaches you experienced in more detail.
Final event in sequence
Several incidents or breaches may form part of the same event in which several different types of breach happen. In these incidents we would only like you to consider the final event in a sequence. For instance, if you were victim of a phishing attack that led to your computer becoming infected in a virus, we would only like you to consider the virus when being asked these questions.
Some events might be accidental whereas for others you might be deliberately targeted. We’d like you to only consider events where your organisation has been deliberately targeted. Below are some examples of what may constitute an incident where your organisation was deliberately targeted.
Denial of Service attack
By being targeted deliberately we mean that you are certain the attack was carried out with malicious intent specifically at your organisation. For instance, where the website service is denied because it is experiencing high traffic, this would not count as a targeted denial of service attack. However, where a group or an individual has deliberately overloaded your systems to cause them to crash, this would count as a targeted denial of service attack.
By your organisation being deliberately targeted we mean events where your organisation’s files or networks, were hacked into in a targeted manner. For instance, if an employee has accidentally used a machine or accessed a file they did not have permission to use this would not count. However, where someone has knowingly gained unauthorised access into your network drives by getting login details via a phishing attack this would count.
Cost of criminal incident
In order for a cyber incident to be considered criminal it needs to be the final event in a sequence and your organisation must have been deliberately targeted.
Think about the following types of incident your organisation has experienced in the last twelve months where it was deliberate and the final event in a sequence:
- Ransomware attacks
- Other malware attacks, such as viruses or spyware
- Denial of service attacks, i.e. attacks that try to slow or take down your website, applications or online services
- Unauthorised accessing of files or networks by staff, even if accidental
- Unauthorised accessing of files or networks by people outside your organisation
- Unauthorised listening into video conferences or instant messaging
- Takeovers or attempts to take over your website, social media accounts or email accounts
- Cyber enabled fraud
- Phishing attacks, i.e. staff receiving fraudulent emails, or arriving at fraudulent websites
Before the interview we would like you think about how much each of these cost your organisation in the last twelve months. It will make the interview quicker and more efficient if you prepare these figures in advance.
How much do you think each specific incidents cost your organisation financially?
Please include any costs such as legal fees, staff time spent on recovery and investigation, lost revenue, costs of any external contractors to help resolve issue, insurance excess, or any costs related to damaged files or software or purchasing any new software.
Please exclude any incidents that led to any subsequent events.
Cost of cyber breaches
The definitions below refer to how you should calculate the costs your most disruptive cyber breach or incident. This does not have to be a criminal incident.External payments during the incident
What was the approximate value of any external payments made when the most disruptive incident was being dealt with? This includes:
- Any payments to external IT consultants or contractors to investigate or fix the problem
- Any payments to the attackers, or money they stole.
What was the approximate value of any external payments made in the aftermath of the incident? This includes:
- Any payments to external IT consultants or contractors to run audits, risk assessments or training
- The cost of new or upgraded software or systems
- Recruitment costs if you had to hire someone new
- Any legal fees, insurance excess, fines, compensation or PR costs related to the incident.
What was the approximate cost of the staff time dealing with the incident? This is how much staff would have got paid for the time they spent investigating or fixing the problem. Please include this cost even if this was part of this staff member’s job.
What was the approximate value of any damage or disruption during the incident? This includes:
- The cost of any time when staff could not do their jobs
- The value of lost files or intellectual property
- The cost of any devices or equipment that needed replacing.
Considering all the following costs, how much do you think all the cyber security breaches or attacks you have experienced in the last 12 months have cost your organisation financially?
- any payments to external IT consultants or contractors to investigate or fix the problem
- any payments to the attackers, or money they stole
- any payments to external IT consultants or contractors to run audits, risk assessments or training
- the cost of new or upgraded software or systems
- recruitment costs if you had to hire someone new
- any legal fees, insurance excess, fines, compensation or PR costs related to the incident
Cost of staff time
- how much staff would have got paid for the time they spent investigating or fixing the problem (even if this was part of this staff member’s job)
Cost of damage or disruption
- the cost of any time when staff could not do their jobs
- the value of lost files or intellectual property
- the cost of any devices or equipment that needed replacing.