Profitable companies targeted by cybercriminals: risks and impacts of cybercrime

Research by the American Enterprise Institute (AEI) think tank has shown that cybercriminals tend to attack highly profitable companies with abundant cash reserves and which invest generously in advertising. Analysis of cyber attacks from January 1999 to January 2022 suggests that cyber threat actors are targeting successful companies, possibly for industrial espionage. Furthermore, it appears that large cash reserves increase the likelihood of future cyber events.

Failure to report attacks and increasing losses

Despite Securities and Exchange Commission (SEC) rules requiring reporting of all material corporate events, many companies fail to report cyberattacks, according to AEI scholars. However, the likelihood of a cyber event being reported is growing as scrutiny by outside investors and coverage by media and corporate analysts increases. According to the FBI, total potential losses from cyber attacks and cyber fraud increased 48% in the past year to $10.2 billion compared to $6.9 billion in 2021.

The impact of cyberattacks on corporate value

Ransomware, malware and denial of service attacks are among the most damaging cyber threats to business valuations, disabling IT systems and blocking access to corporate data, websites and services. Additionally, many cyber attacks may go unreported due to the high cost of negative publicity. The damage caused by cybercrime goes far beyond the sum of the costs incurred by the target companies, also hurting competitors and the wider economy.

Vulnerability of companies related to government and emerging sectors

Companies with ties to the US government or the defense industry are especially vulnerable to cyberattacks. They can become a launching point for supply chain attacks, with the ultimate goal of hacking government agencies or stealing state secrets and personally identifiable data of government employees. This risk increases with the amount of cash on the company's balance sheet - possibly due to an increased ability to make buyout payments - and with advertising expenses. Furthermore, companies focused on artificial intelligence, self-driving cars and other emerging technologies, as well as those with trade secrets or valuable research and development projects, tend to be targeted by cyberattacks.