At least 57 negative impacts from cyber-attacks

October 24, 2018 by Dan Worth, University of Kent
Credit: CC0 Public Domain

Cyber-security researchers have identified a total of at least 57 different ways in which cyber-attacks can have a negative impact on individuals, businesses and even nations, ranging from threats to life, causing depression, regulatory fines or disrupting daily activities

The researchers, from Kent's School of Computing and the Department of Computer Science at the University of Oxford, set out to define and codify the different ways in which the various cyber-incidents being witnessed today can have negative outcomes.

They also considered how these outcomes, or harms, can spread as time passes. The hope is that this will help to improve the understanding of the multiple harms which cyber-attacks can have, for the public, government, and other academic disciplines.

Overall the researchers identified five key themes under which the impact—referred to in the article as a cyber-harm—from a cyber-attack can be classified:

  • Physical/Digital
  • Economic
  • Psychological
  • Reputational
  • Social/societal

Each category contains specific outcomes that underline the serious impact cyber-attacks can have. For example, under the Physical/Digital category there is the loss of life or damage to infrastructure, while the Economic category lists impacts such as a fall in stock price, regulatory fines or reduced profits as a possibility.

In the Psychological theme, impacts such as individuals being left depressed, embarrassed, shamed or confused are listed, while Reputational impacts can include a loss of key staff, damaged relationships with customers and intense media scrutiny.

Finally, on a Social/Societal level, there is a risk of disruption to daily life such as an impact on key services, a of technology or a drop in internal morale in organisations affected by a high-level incident.

The full list of cyber harms can be viewed online.

The researchers point to high-profile attacks against Sony, JP Morgan and online dating website Ashley Madison, as examples where a wide variety of negative outcomes were experienced, from reputational loss, causing shame and embarrassment for individuals or financial damage.

They say these incidents underline why a taxonomy of impacts and harms is so important for businesses. Many successful cyber-attacks have been traced to exploits of well-known vulnerabilities that had not been dealt with appropriately because of a lack of action by firms who did not appreciate the ways in which they could be affected by a cyber-attack.

By providing a detailed breakdown of the many different ways a cyber-attack can a business and third-parties, it gives board members and other senior staff a better understanding of both direct and indirect harms from cyber-attacks when considering the threats their organisation faces. This also equally applies to other organisations and even governments or those who manage critical national infrastructure.

Commenting on the article, Dr. Jason R.C. Nurse from the School of Computing: 'It's been well understood that cyber-attacks can have numerous negative impacts. However, this is the first time there has been a detailed investigation into what these impacts are, how varied they can be, and how they can propagate over time. This base figure of 57 underlines how damaging cyber-incidents can be and we hope it can help to better understand how a business, individual or even nation is affected by a cyber-attack. This is going to be even more relevant as everything and everyone becomes connected and the Internet of Things is fully realised.'

Explore further: EU leaders vow tough action on cyber attacks

More information: Ioannis Agrafiotis et al, A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate, Journal of Cybersecurity (2018). DOI: 10.1093/cybsec/tyy006

Related Stories

'Advanced' cyber attack targets Saudi Arabia

November 21, 2017

Saudi authorities said Monday they had detected an "advanced" cyber attack targeting the kingdom, in a fresh attempt by hackers to disrupt government computers.

US cyber commander says hackers to 'pay a price'

May 11, 2015

The US strategy of "deterrence" for cyber-attacks could involve a wide range or responses, potentially including the use of conventional weapons, the nation's top cyber-warrior said Monday.

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

NASA instruments image fireball over Bering Sea

March 22, 2019

On Dec. 18, 2018, a large "fireball—the term used for exceptionally bright meteors that are visible over a wide area—exploded about 16 miles (26 kilometers) above the Bering Sea. The explosion unleashed an estimated 173 ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.