Calculating Lost Profits from a Cyberattack

September 29, 2022

By: Libby Neubauer, Forensic Accounting Manager

At a glance

  • The main takeaway: Cyberattacks can result in significant financial losses and potentially create lasting damage to a business’s bottom line.
  • Impact on your business: Monitoring the most vulnerable areas of your business and enlisting the help of a forensic accounting team enables you to protect against cyberattacks and start the road to recovery if you do fall victim.
  • Next steps: Aprio’s Forensic Services Team can help you accurately quantify your lost profits so your business can recover faster and move forward with confidence.

Schedule a consultation with Aprio today

The full story:

A cyberattack can release an avalanche of issues for your business, from reputational damages to recovery costs. But lost profits are perhaps some of the most consequential side effects for victims. According to a recent survey by IBM, in 2021 lost business opportunities represented the largest share of data breach costs for victims, with an average total cost of $1.59 million.

How can you safeguard the most financially vulnerable areas of your business against cyberattacks? And if you do fall victim to an attack, how can you start the process of recovering lost profits and getting on the road to recovery? Below, we provide answers to these questions and more.

Which areas of your business are most vulnerable to cyberattacks?

Knowing where dangerous (and costly) cyberattacks are most likely to occur in your business helps you ramp up your fraud prevention efforts and potentially even minimize the financial effects of a breach. Some of the most common sources for costly cyberattacks stem from:

  • Nefarious employees: I covered employee fraud in a recent article (click here to read it) and shared some of the entry points internal actors can use to commit financial crimes. Employees with access to confidential client or financial data wield considerable power, and those with bad intentions could cause significant financial damage if they are not supervised properly.
  • Outdated software: If you use legacy accounting software and miss crucial system upgrades or don’t back up your data, then you face major risks when it comes to cyber fraud. If your business operations fall under this category, Aprio’s Data Analytics Team can provide incredible help in evaluating the best system and processes for your business. Many businesses opt to store their critical client and financial data in the cloud on platforms in which backups are autonomous as a way to avoid system failures or patch up gaps in which malicious actors can enter.
  • Phishing and ransomware: Today’s phishing attacks have grown more sophisticated and advanced and thus have become harder for employees to detect. Phishers will often send convincing, false emails to employees posing as clients and ask for a certain sum of money to be transferred via wire or their account. Ransomware, on the other hand, can take the form of software and makes it impossible for employees to access tools and systems until they pay a certain amount of money. Many organizations have invested in cybersecurity training programs and circulated them internally to teach employees how to spot external threats more successfully. If you have not currently invested in cybersecurity training or tools, Aprio’s Digital Transformation and Cybersecurity Team is here to help.

Building the “paper trail”: the process for recovering lost profits

So, what happens if you fall victim to the cyberattacks listed above and you suffer financial losses? You will likely need to enlist the help of a qualified forensic accounting team to initiate a lost profit calculation and be your advocate as you begin damage recovery.

Essentially, lost profits are a calculation of the economic damages caused by a disruption in your operations, such as a cyberattack. The calculation is comprised of your business’s actual results during the loss period and the “but-for” results for that same period if the loss didn’t happen. When you subtract your actual results from your but-for results, the difference is your lost profits.

This calculation is far from simple, which is why having a qualified forensic accountant on your recovery team is so essential. While every forensic accounting team has its own unique approach, many of them take these steps when starting the lost profit calculation process:

  1. Gather contextual information on the business that suffered the losses
  2. Identify the loss period
  3. Calculate the net sales value loss
  4. Value the expenses that did not occur due to the cyberattack
  5. Determine other potential saved expenses
  6. Investigate the actual results

The bottom line

When you are looking for advice for recovering damages from fraud or any loss event, the right expertise matters. At Aprio, our Forensic Services team members have the knowledge, skill, experience, training and education to support businesses in the most challenging fraud cases and help them calculate loss profits efficiently. We deliver proven computer forensics, collections, interviewing, forensic document analysis and investigative techniques to assist with determining the extent of alleged wrongful acts, including cyber fraud.

If you have been a victim of a cyberattack and need help recovering lost profits, schedule a consultation with our team today.

Recent Articles

About the Author

Haley Beatty

Haley Beatty is a forensic accounting, financial crime reporting expert. Her specialties include Anti-Money Laundering (AML), Know Your Client (KYC) investigation and regulatory compliance. She has advised some of the largest financial institutions in the world and led teams of 500 investigators. Haley works closely with clients to establish and advance AML compliance, monitoring and reporting programs that exceed regulatory requirements. She has experience advising a broad spectrum of financial industry clients from FinTech companies to MSBs and transaction processors.