- Direct cost – the direct expense outlay to accomplish a given activity, such as engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services.
- Indirect cost – the amount of time, effort and other organizational resources spent in the aftermath of a breach, such as in-house investigations and communications. This category also includes the extrapolated value of customer loss resulting from turnover.
- Opportunity cost – the cost of lost business opportunities resulting from negative reputation effects after the breach has been reported to victims and publicly revealed to the media.
A recent report from Deloitte says the costs of a cybersecurity breach could be higher than most data shows as the costs can rack up for many years after the initial incident. The firm identified 14 cyberattack impact factors, including seven it claims are hiding beneath the surface and account for 95 percent of the financial impact. (see chart below).