Targets of cyberattacks range from individuals to corporations and government entities. Many cyberattacks are foiled or unsuccessful, but those that succeed can have devastating consequences. Understanding the negative effects of cyberattacks helps organizations ensure that their prevention strategies are cost-effective. One paper classifies the harm caused by cyberattacks in several domains: • Physical damage, including injury or death or destruction of property • Digital damage, such as the destruction of data or introduction of malware • Economic losses, such as those caused by disrupted operations, the cost of investigation, or regulatory fines. •
Psychological harm, such as users being upset that their data has been leaked •
Reputational damage, loss of reputation caused by the attack • Negative
externalities to society at large, such as consumers losing access to an important service because of the attack.
Consumer data Thousands of
data records are stolen from individuals every day. According to a 2020 estimate, 55 percent of data breaches were caused by
organized crime, 10 percent by
system administrators, 10 percent by
end users such as customers or employees, and 10 percent by states or state-affiliated actors. Opportunistic criminals may cause data breaches—often using
malware or
social engineering attacks, but they will typically move on if the security is above average. More organized criminals have more resources and are more focused in their
targeting of particular data. Both of them sell the information they obtain for financial gain. Another source of data breaches are
politically motivated hackers, for example
Anonymous, that target particular objectives. State-sponsored hackers target either citizens of their country or foreign entities, for such purposes as
political repression and
espionage. After a data breach, criminals make money by selling data, such as usernames, passwords,
social media or
customer loyalty account information,
debit and
credit card numbers, and personal health information (see
medical data breach). This information may be used for a variety of purposes, such as
spamming, obtaining products with a victim's loyalty or payment information,
prescription drug fraud,
insurance fraud, and especially
identity theft. Consumer losses from a breach are usually a negative
externality for the business.
Critical infrastructure after the
Colonial Pipeline cyberattack in
Oak Hill, Virginia Critical infrastructure is that considered most essential—such as healthcare, water supply, transport, and financial services—which has been increasingly governed by
cyber-physical systems that depend on network access for their functionality. For years, writers have warned of cataclysmic consequences of cyberattacks that have failed to materialize . These extreme scenarios could still occur, but many experts consider that it is unlikely that challenges in inflicting physical damage or spreading terror can be overcome. Smaller-scale cyberattacks, sometimes resulting in interruption of essential services, regularly occur.
Corporations and organizations There is little empirical evidence of economic harm (such as
reputational damage) from breaches except the direct cost for such matters as legal, technical, and public relations recovery efforts. Studies that have attempted to correlate cyberattacks to short-term declines in
stock prices have found contradictory results, with some finding modest losses, others finding no effect, and some researchers criticizing these studies on methodological grounds. The effect on stock price may vary depending on the type of attack. Some experts have argued that the evidence suggests there is not enough direct costs or reputational damage from breaches to sufficiently
incentivize their prevention.
Governments a
ransomware attack. Government websites and services are among those affected by cyberattacks. Some experts hypothesize that cyberattacks weaken societal trust or trust in the government, but this notion has only limited evidence. ==Responses==