Cybersecurity Committee: Risks Involved With a Cyber Incident

March 4, 2021

For a more visual presentation, download the Cybersecurity Committee’s Step One infographic here. Otherwise, read the risks involved with a cyber incident below.

Operational Risk

  • Operations and technologies shut down and cannot be used, so employees cannot produce
  • Comfort, automation, and health and safety systems controlled by the network become inoperable, so employees cannot work in the environment
  • Internal and external email and telephone systems are often shut down, so intercompany communication and communication with customers and vendors is often shut down or heavily impacted
  • Ecommerce and banking systems are shut down or heavily impacted
  • Public-facing websites are often taken down or unusable
  • Physical security infrastructure operations and communications are often affected

For more information: Reference CIS Controls – Basic/Foundational Sections 1 – 16

Financial Risk

  • Losses of productivity and revenue add up quickly when employees cannot work
  • Bank and payment processing systems are often affected, severely limited, or made unusable, making it impossible to make payments or bring in money from sales

For more information: Reference CIS Controls – Organizational Sections 17, 19, 20

Legal Risk

  • Failure to provide notification of the breach as required by city, county, state, and country entities, and within the required timeline, may result in tremendous fines
  • Potential litigation with customers and vendors
  • Potential criminal suit brought against the company and/or executives
  • Potential civil lawsuits from those whose PII, PHI, and other personal data you have exposed

For more information: Reference CIS Controls – Organization Sections 17, 19, 20

Reputational Risk

  • Your name or brand can be irrevocably hurt by a cyberattack
  • Those you serve may lose trust in your ability to adequately conduct business, particularly in the security field, where a high degree of “customer data protection” is expected
  • High-profile dealings with law enforcement after a breach are often publicized through all types of news media
  • Vendors may show a preference for your competitors or abstain from conducting business with your company
  • Stakeholders may face personal scrutiny and adverse public opinion
  • The method and timing of notifying the media and others about the breach may provoke severe backlash against the company and leadership

For more information: Reference CIS Controls – Organization Sections 17, 19, 20

To learn more from the PSA Cybersecurity Committee, visit PSAEducation.com!