Summary
Impact is the final stage of the unified kill chain of sophisticated cyber attacks. It implies that threat actors have successfully achieved goals that match their primary motivation. Achieving those goals has different consequences for the victim. The most obvious ones are the direct results of the attack – monetary theft, encryption of infrastructure, and manipulation of data. In addition to the direct consequences of an attack, victim companies usually suffer various losses, which can be divided into direct and indirect.
Direct impacts include the costs of investigating the incident itself, engaging third parties as consultants or service providers, recovering the infrastructure, notifying stakeholders, and paying regulatory fines. To assess them, a general approach to identifying financial impacts, adapted to the specifics of the company, can be used.
Indirect impacts include reputational losses, which may entail the loss of customers and employees or a drop...
