October 4, 2023

Understanding the Costs of Incident Response: Business Interruption

One of the largest costs resulting from a cyber incident can sometimes be particularly challenging to calculate: the cost of business interruption. In this blog, we'll delve into the intricacies of calculating this cost and emphasize its vital role in incident response planning.

Business interruption can be defined simply as the income loss experienced as a direct result of the incident and is often a significant element in insurance claims. For example, let’s consider a manufacturer or a professional services organization that falls victim to ransomware. There's no way to recover the lost revenue if they can't produce or bill their clients on a given day due to downtime from the ransomware attack. Absent a time machine, those hours are lost forever and irreplaceable and would directly contribute to business interruption calculations.  

While that example is intuitive, assessing actual business interruption costs can be deceptively complex. Let’s contrast that example with an online retail business that suffers a similar attack. Downtime caused by the attack prevents the business from processing orders, which you would expect to lead to lost sales. However, some number of customers that couldn’t place orders during downtime will simply place their order when the website is back online. In another example, reputational damage might cause the loss of a significant deal. But that, too, is very difficult to definitively tie to the incident. These nuances make precisely quantifying lost revenue challenging, complicating insurance claims. In fact, accurately determining reasonable business interruption costs often requires the involvement of forensic accountants.  

While interruption costs will vary from business to business, one principle is always a factor: the more complex and time consuming the first four response costs are (recall: investigation, ransom payments, recovery and data mining/notification), the more significant business interruption costs will be. Proactively investing in response and recovery capabilities will also serve to minimize your organization's exposure to interruption costs.  

As ransomware incidents continue to threaten businesses of all sizes and sectors, proactively assessing security posture, implementing cybersecurity capabilities, and establishing comprehensive incident response plans are paramount. By preparing for potential business interruptions and costs, companies can better safeguard their finances and mitigate ransomware's detrimental effects.

<< Previous Post                      Next Post: Counsel + Litigation

Need help now? Contact us at ask@moxfive.com or on our website and talk to one of our technical advisors.  

James Gimbi

James Gimbi brings over ten years of breach response, cybersecurity strategy, and public interest technology experience to MOXFIVE. He investigated state sponsored and criminal cyber attacks across defense, finance, healthcare, and government and advanced bipartisan privacy and technology initiatives as a policy advisor in the US Senate. James's blended expertise helps corporate and federal leaders reduce cyber risk and tackle complex threats.

Experts predict there will be a ransomware
attack every 11
seconds in 2021.
from Cybercrime Magazine
Our mission is to minimize the business impact of cyber attacks. 


Incident Response

MOXFIVE provides the clarity and peace of mind needed for attack victims during the incident response process. Our platform approach enables victims of attacks to work with a Technical Advisor who provides the expertise and guidance needed in a time of crisis, and facilitates the delivery of all technical needs required, consistently and efficiently.

Learn More

Business Resilience

With experience on the front lines responding to incidents daily, MOXFIVE Technical Advisors have the unique ability to connect the dots between business, information technology, and security objectives to help you quickly identify the gaps and build a more resilient environment.

Learn More