Cyber Fraud involves the loss of data. Data is intellectual property
and a precious resource to organizations.
MICHAEL HAUGEN, CPA/CFF, CFE
EPPS FORENSIC CONSULTING PLLC
Please call or email me directly with your questions regarding this
article or to discuss your financial expert witness needs.
Calculating the Cost of
It seems more and more common to turnon the local news only to hear an- other story about a cyber-attack or a
data breach. Cyber Fraud involves the
loss of data. Data is intellectual property.
By nature, it is intangible. Yet its value is
regarded as a precious resource to any
Cyber Fraud Risk
Cyber Fraud can occur any number of
ways (e.g. malicious attack or error). It can
occur locally or remotely. As the world
has and continues to become more connected, there is an increasing exposure
to Cyber Fraud risk.
The 2016 Breach Level Index report1
indicates that the number of data breach
events worldwide during 2016 totaled
1,792 (down about 4% from 2015), but
involving no less than 1. 4 billion records
(up about 86% from 2015).
The majority of incidents stemmed
from malicious outsiders (68%), while
only 9% stemmed from a malicious insider. The types of organizations involved
in these incidents is most heavily weighted toward government entities (28%) and
technology companies (28%). The majority of data misappropriated involved
personal information (i.e. identity theft)
(59%) and financial access information
Quantifying Financial Damages
When a data breach occurs, forensic accounting experts are in a unique position
to assist in measuring resulting financial
At the start of a Cyber Fraud investigation, forensic accounting experts team
with data security and other IT professionals to understand the extent, type
and nature of the stolen data. They work
with counsel and members of the subject
organization to document how the stolen data was used in the normal course of
business and how its absence has or is
anticipated to affect operations.
From this process, forensic accounting
experts quantify financial damages due
to Cyber Fraud, which may include, but
are not limited to:
u Lost Profit
Lost profit due to Cyber Fraud stems
from lost revenue. It may result from
an organization’s inability to accept
or solicit orders due to a loss of data
necessary to do so.
Alternatively, lost revenue may stem
more from the event itself rather
than the lost data. For example,
publicity regarding the event may
yield a decline in revenue in a
highly competitive market where
consumers choose to change who
they do business with as a result of
the data breach.
v Consequential Costs
Cyber Fraud may result in extensive
consequential costs to an organiza-
tion. Aside from legal fees and the
cost to investigate, such costs may
include, for example, data recon-
struction costs, corrective market-
ing, and maybe even ransom pay-
ments to protect the data from
release or to secure its return.
An organization may incur greater
than normal costs in fulfilling continuing revenue due to a change in
business processes because of the
data breach. Such incremental costs
should be considered.
w Consumer Costs
Organizations may incur costs to
monitor consumer credit or establish a hotline to resolve consumer
complaints as a result of Cyber
Organizations may also face fines
from various government agencies
or pursuant to other contractual
Investigating a Cyber Fraud Event
The process, timing, and cost involved in
investigating a Cyber Fraud event will
vary case by case. So too will the types
and amount of potential financial damages.
The prominence of Cyber Fraud incidents, and increasing magnitude of such
events, suggests that however varied each
case may be from another, the risk will
remain at the forefront of investigations
in the years to come. Forensic accounting
experts play a key role in assisting counsel in navigating that process.