The Cost of a Hacked Website
In a world with over 1.3 billion websites and counting, keeping your website up and running is crucial to the success of your business. Unlike a storefront or warehouse, your website is accessible 24/7, 365 days a year. Thanks to the internet, customers can make purchases on demand, look up information whenever they please and access your business no matter where they are. But we live in a world where even the biggest companies can be vulnerable to a security breach (Yes, Equifax, Target and Amazon I’m talking about you all). As a result, the cost of a hacked website can be very high.
So, if you fall in the overwhelmingly crowded pool of business decision makers who think “No one would ever want to hack me,” you might want to think again. Cyber security crimes can happen to every type of business, at any given moment. Actually, about 200 cyber attacks happen every hour. From losing money in sales due to your site’s downtime to having to payout affected customers, you will experience financial costs. And, it’s not always sufficient to place a numerical value on the cost of a hacked website because the costs aren’t always in dollar signs. A severe enough cyber crime committed against your business may cost you your customer base, your brand’s reputation, your entire database with invaluable information — the list goes on.
A Look at Hackings by the Numbers
There are over 1 billion websites in the world.
There are about 380 million websites in the U.S.
About 30,000 websites are infected with some type of malware daily.
73% of Americans fall victim to some type of cybercrime.
40 million Americans lose information annually due to business hacking.
WordPress powers about 25% of all the world’s website. WordPress hacks are also the most common
It only takes about 10 minutes to crack a lowercase password that is 6 characters long.
Financial Costs of Hacked Website
The financial costs of having your website hacked may come in different forms. You may have to pay a lot of money to get your site back up and running, pay a lump sum to affected customers (and their subsequent lawsuits) or even hire an extra IT or cyber security team to help prevent future breaches.
Getting Your Site Back Online
If your website or server is hacked and your hosting company takes your site offline, guess what? You’ll have to pay them to get it back online. Most hosting companies can charge upwards of hundreds of dollars per hour. That may not seem like a lot, but it adds up, especially considering getting your site live again may be a timely endeavor. It’s more than just hitting an “on” button.
For example, a Distributed Denial of Service, also known as a DDOS attack, occurs when hackers use multiple infected computers to flood a single server with an influx of traffic. The overwhelming amount of traffic may cause a server to slow down, pause or shut down completely. 33% of businesses in 2017 were hit with a DDOS attack. These types of attacks are common but difficult to stop, because the solution is more than just blocking a single IP address.
Lost Income or Revenue
One of the biggest costs of a website hacking is the loss of revenue. If you’re a company that relies on sales from your e-commerce or your company generates revenue from users engaging with your content and ads, experiencing some site downtime can be a costly defeat.
In 2013, mega e-tailer Amazon experienced a site outage that only lasted for about 40 minutes. However, because they generate revenue at an unmatched pace, the company lost $66,240 per minute – that’s almost $5 million dollars in less than an hour!
Amazon may seem like an extreme case, but this paints a perfect picture of how any size company, small or large, can feel the effects of a site outage. Imagine: your company generates about $9,000 in sales daily and your site is offline for a little over 48 hours. That’s about $20,000 lost in sales and revenue. As a smaller-mid size business, the impact of an inoperable website is typically felt immediately.
If your website is hacked, hackers may hold your most valuable data at ransom. In most cases, it’s not because the hackers need or see any value in the data in the same way that you do, but more so, they will test how much you are willing to pay for it. Ransomware is a type of malicious software that denies access to a company, entity or individual’s data and threatens to publish or delete it until a ransom is paid. These type of attacks are easiest to pull on small to mid-size businesses and it all starts with a simple email that an employee mistakenly opens.
A small toy company, Rokenbok based out of California experienced this first hand during their busiest season: winter holidays. In 2016, hackers gained access to their files, encrypted them and made them completely unusable. The hackers demanded a large (undisclosed) lump sum to turn over the files. Ultimately, Rokenbok couldn’t meet the demands of the hackers. Instead, their small 7 person team spent 4 days reconfiguring their systems and in two days, the already struggling company lost tens of thousands of dollars.
Increased budget for IT Security
If your website or server is severely hacked, consider it a wake up call to invest in cybersecurity. Many small-mid size companies prioritize their efforts to bring in more revenue over budgets for security. Not only is that a terrible mistake, it can turn out to be a costly one.
If your website is hacked once, not only will you be stuck with the aforementioned costs, but you’ll clearly see the need to increase your budget for IT Security. Cyber security breaches are growing by over 50% year after year, so it’s irresponsible to not invest in the safety of your business and its most precious assets. Whether you invest in an on-site security engineer or a solid hosting company that can take care of your website’s most pressing needs, the time is now.
A Tale of Two Companies
Let’s take a look at Target. In 2013, hackers broke into the retailer’s network and stole Target’s customers’ credit card information and other data, affecting about 70 million customers. In the year to follow, the company spent around $162 million in expenses, solely related to the data breach. They lost a lot of money and that figure doesn’t include payouts for class action lawsuits filed by angry customers. Face it, $162 million in expenses is still a lot of money, even for a company whose market cap sits at almost $30 billion.
If you still believe your business doesn’t hold the same weight or value to a hacker, like Amazon or Target, remember this: A small sized business is never too small for hackers. In fact over 60% of attacks target small businesses. Wright Hotel, a small hotel investment firm, lost over $1 million dollars after hackers gained access to the owner’s email account. From there, thieves committed wire fraud to drain funds from the company’s banks.
Data and Assets Costs
Having your customer data stolen is not only extremely bad for your customers, but it’s also detrimental for your business. Your customers are at the heart of your business, they are what keeps you in business. If you’re a small-mid sized business, and your customer data is stolen, there are a few ways this can play out:
- Hackers may try to hold their information at ransom until you pay. Then the question as a business decision maker is, how much is each customer worth? What if you pay the ransom costs and hackers still do as they please?
- Hackers may sell your customer data to your competitors who have the potential to take over your customer base and put you out of business.
Yes, in some cases there is a way to retrieve lost or stolen data and recover damaged files. Yes, that comes with a cost. However, you can’t necessarily quantify the data itself.
Reputational and Credibility Costs
Financial hits (short-term and long-term) are not the only hits your business will take after a major hacking. Your credibility as a business will most likely be questioned and your reputation in the digital space may be tainted. If your customers are also affected by your website being hacked, you may see an abnormal turnover in your customer base.
Blacklisted By Google
Google is by far the most popular search engine there is. Staying in their good graces is beneficial to your business. People searching for a product or service in your field will rely on Google’s search engine results page to lead them to what they’re looking for – you rely on Google to lead potential customers to your digital doorstep.
However, after a major hacking that involves phishing campaigns or malware on your site, you may slip far below in Google’s ranking or become blacklisted. Visitors who haven’t yet been notified or affected by your site’s website hacking, will see on the results page that your site may harm their computer or may contain malware. Any smart consumer will know that’s a red flag and not to proceed. Or, even worse, your site may not show up on the search results page at all. Instead, your could-be business will now be redirected to a competitor’s business page.
Consumers are protective over their sensitive information, as they should be. When a loyal customer feels that their privacy has been extremely invaded, they react. If your business website is hacked and you have to relay this information to your customers, you can guarantee they will be hopping mad, especially if they feel the issue isn’t being resolved quickly enough. Once their sense of personal security is crushed and their trust of your organization starts diminishing by the minute.
In a best-case scenario, if your website is hacked and hackers have managed to start sending out e-mail phishing campaigns, hopefully your customers will know it looks suspicious and doesn’t open it. Best-case scenario.
In a more complicated scheme where your entire database is taken over and customer’s most private information is at the mercy of hackers, here’s where their loyalty is tested.
Target experienced this first hand after it’s big data breach. Endless phone calls to an out of service toll free number, fired up social media messages that received no response and no clear answer to the overwhelming “what now?” question led customers to believe that the brand wasn’t doing enough. Many customers threatened to take their business elsewhere.
Here’s the thing: for a company like Target that’s worth over 25 Billion, losing the business of a few thousand shoppers, might not be felt immediately, if at all. But if you’re a small-mid size business that doesn’t have the reputation or revenue stream like Target, you’ll feel the hit from a customer turnover — and you’ll feel it hard.
It’s not impossible to come back from a website hacking. If anything, you may bounce back stronger than before. But again, depending on the severity of the security breach, it may require some long term activities. Damage control.
For example, you may need to invest in a PR team to get your reputation back to where it was before your website was hacked. Or, you may find yourself investing in community managers to filter through social media comments, before they are revealed to the public. You may find yourself investing in efforts that constantly remind customers that their security comes first. You may throw extra dollars towards rolling out programs that prove your business is ahead of any potential security breaches.
Here’s the truth
Having your website hacked is expensive. You end up spending more money afterwards, than you would had you been more proactive beforehand. As a result, you lose money. You lose customers. You lose precious time. Investing in your business’ website security shouldn’t be an option, it’s a given.
There are proactive measures that can be taken to increase the security and safety of your website. Make sure you’re aware.