How the next cyber incident may impact you
Entire communities can feel the effects — and bear the costs — when cyber criminals breach a single organization. Here’s what each of us can do about it.
As our world becomes increasingly digitized and connected, cyber crime has emerged as one of our society’s most serious threats. Criminals continue to refine methods of infiltrating digital networks and deceiving employees at organizations, which can result in businesses being unable to operate, data being stolen and consumers losing services.
Increasingly, the criminals are targeting essential industries and service providers, such as hospitals, energy delivery companies, food suppliers and software companies. The cost to these organizations is immense: The average total cost to an organization of a data breach in 2022 was $4.35 million — a 12.7% increase since 2020.1
But this estimate does not fully account for costs to consumers, who may experience higher prices, hardship due to loss of essential services and an overall feeling of mistrust when organizations they depend on experience a breach.
It can be difficult to understand the seriousness of cyber crime unless we are directly affected by it. Yet it is important to recognize that as our economy becomes increasingly globalized and interconnected, no one is immune from the impacts of cyber insecurity.
Here are some ways you or your community might experience the effects of a cyber incident that targets an organization you depend on for goods, services or safekeeping of your personal information:
Essential services can be disrupted, and highly sensitive personally identifiable information (PII) can be stolen.
Electricity and water availability or quality can be compromised, leading to service disruptions.
Compromised business software can result in denial of service or inoperable networks for downstream users.
Breaches can lead to production delays that result in higher prices and food shortages.
Cities experiencing cyber incidents may become unable to make payroll, and their essential services could be suspended.
Students may be unable to attend digital classes, and their personally identifiable information can be compromised.
Furthermore, every citizen has a stake in supporting a culture of cyber awareness and defense that extends to private businesses, the public sector and our personal lives. The better the threat is understood, the more resources we have to defend against it.
Consumers and citizens often experience residual effects of cyber crime, even if they are far downstream from the initial breach or incident.
All industries, companies and communities are at risk for cyber crime
Cyber incidents involving large companies make headlines for good reasons: These breaches often involve the compromise of millions of customer account details or a demand for millions of dollars in ransom. But criminals are opportunistic and willing to exploit any weakness in any organization’s digital defenses if there is a potential for profit, even (and in some cases especially) when public safety will be compromised. For example, when hospitals are suddenly unable to access their servers, patient records or connected devices, patient health and privacy are at risk.
Cyber crimes that focus on supply chains can create effects that trickle downstream and are experienced by consumers as goods shortages, higher prices or interrupted services. In some cases, affected consumers and businesses may be in completely different countries. During an incident where software used by many businesses is compromised, service interruptions can happen in multiple locations.
Public trust is also at risk
If essential organizations and service providers experience cyber crime, consumers and constituents may experience doubt about those organizations’ security, and they may even become concerned for their own personal safety. The reputational damage that can accompany a serious breach can be severely damaging to almost any institution.
Yet it is important to remember that even the most robust security defenses and most diligent organizations are not immune to cyber crime. Trust is a function of a commitment to cyber security, which includes a high level of transparency, effective communication and rapid remediation after an incident occurs.
As a private citizen, you can demand accountability and responsiveness from institutions and businesses, before and after a cyber incident occurs.
How you can contribute to your community’s cyber security
Consumers and citizens can have an indirect impact on cyber security by prioritizing it. By learning about cyber best practices, we can be more proactive in making sure the organizations where we work, shop and use for delivery of essentials are invested in their own security — and ours.
You can help build a culture of cyber security in several ways:
- Support businesses and organizations that show accountability and dedicate resources to their cyber security practices.
- Learn about the cyber security protocols of any organization where you work, volunteer or regularly attend events.
- Follow good cyber hygiene protocols while using your personal online accounts, including social media.
- Share good cyber practices with your family and friends.
Turning cyber security into a society-wide objective requires proactive buy-in from individual citizens, business and community leaders, educational institutions and security professionals. Keeping our core institutions and essential businesses safe is an ongoing challenge, but the more you know about digital security and how to respond to cyber incidents, the better prepared your community becomes.
Stay connected, stay protected
To help keep your Merrill account information safe and secure, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center for tips on how to recognize potential scams and learn more about how to keep your accounts safe.
1 IBM Corporation, “Cost of a Data Breach Report 2022,” July 2022.
Neither Bank of America nor its affiliates provide information security or information technology (IT) consulting services. This material is provided "as is,“ with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this material, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, quality and fitness for a particular purpose. This material should be regarded as general information on information security and IT considerations and is not intended to provide specific information security or IT advice nor is it any substitute for your own independent investigations. If you have questions regarding your particular IT system or information security concerns, please contact your IT or information security advisor.