R&C: Could you outline the kinds of intangible losses that might arise in the context of a cyber attack? Is there a growing appreciation for the non-financial damage that tends to accompany these events?

Rathour: The General Data Protection Regulation (GDPR) and recent high-profile data breaches have brought back into focus the enormous value of data. Data is the lifeblood of a modern and connected business, but its ephemeral nature means that many businesses have difficulties assessing and accounting for the intangible impacts that follow from an attack and the loss of data. Those impacts will swiftly become apparent following a cyber attack. The operational impact on a business resulting from a partial or complete loss of commercially-valuable IP and data, and the data systems required to run the business, can cripple it mortally. A ransomware attack on an email server or a supervisory control and data acquisition (SCADA) industrial control system can have businesses resorting to paper and pencil to communicate. Business interruption will rapidly impact trading capability, and as this becomes public, consumer confidence in the brand can rapidly falter – brand damage is a major impact following a cyber-attack.

Jul-Sep 2018 Issue

Grant Thornton UK LLP