I had no idea at all! over 100 notifiable and probable “State Based” significant hacks to October 2021 – either against government orgs or with a value of more than $1 million.
Four of those were against Australian government orgs and one against a New Zealand Government org.
One of our business partner orgs who do not have any cyber resilience processes or tools and only 20 staff were breached last week, for them it was a rapid recovery process:
- Reset all account passwords and they were back in business.
- Next time use Multi Factor Authentication for at least all admin portals
Back of an envelope calculation, for a 20 user business:
Average revenue per staff member per annum = $98k-$304k, (2013 figure)
$200,000 * 20 staff / 233 (4 weeks AL) working days per year
= $ 17,000 p/day revenue
.5 day outage = $8500 loss aprox (worse if big trading day)
A full malware incident = 3-5 day outage
$50-$85,000 loss for a 20 employee company!
The $1 million trigger for inclusion in this list is not a very large number at all, except for the company that is hacked.