How much damage do cyberattacks actually cause?

As we enter the digital era of the 21st century, the role of cyberattacks on state infrastructure has become increasingly effective. From disruptions at Marks & Spencer (M&S), to breaches in the NHS and UK secondary schools, cyberattacks have been a major news source this past year. And yet, despite the frequent coverage, most people lack clarity about how these attacks occur and the extent of the damage they truly cause. 

Attacks can take many different forms: 

• Ransomware, where attackers encrypt data, often locking out users, and demand payment in return for decryption.  

• Phishing, often seen as emails, where people are tricked into handing over sensitive information, as seen in breaches of retail chains such as M&S. 

• Distributed denial-of-service (DDoS) attacks overload networks, causing temporary shutdowns, which are often harmful enough, but become more lethal when inside threats further exploit the sabotage while systems are down.  

Some attacks require advanced technical skills; however, in recent years, there has been a rise in the proliferation of ‘cybercrime-as-a-service’ for hire, meaning even unsophisticated criminals can deploy damaging campaigns, increasing the overall threat landscape. 

The consequences of cyberattacks extend beyond immediate disruption and financial losses can be substantial

Cyberattacks have also become a tool for hostile states to test systems and cause damage without a clear military provocation. For example, Russia has repeatedly used cyber operations as part of its geopolitical strategy in Europe. They have been accused of causing incidents targeting critical infrastructure, such as energy grids and government databases. 

There is also the human effect of cyberattacks. Each time personal information is leaked, or lives are affected, the public’s confidence in institutions is undermined.  

But if it is only information leaked, what’s the real harm?  

The consequences of cyberattacks extend beyond immediate disruption and financial losses can be substantial. There is frequently a large cost in restoring systems, paying ransoms, and compensating affected customers. For instance, M&S faced operational delays across its supply chain, affecting sales and causing produce to go out of date. 

There have even been instances of loss of life when hospital systems have been locked out, causing surgeries to be cancelled and treatment to be delayed.  

While this may all sound scary, hope is not lost. 

It is important to remember that media coverage frequently sensationalises cyberattacks, and threats are quickly detected and neutralised regularly, with effects often being manageable.  

But the frequency and sophistication of attacks are rising. The challenge lies in ensuring the infrastructure we depend on is prepared. 

Already, the UK government has invested heavily in cybersecurity frameworks to help the state and business develop a level of resilience. Furthermore, while the rise of AI has contributed to breaking certain forms of cryptography, it has also helped in developing significantly more secure forms of encryption, keeping data safe. 

The combination of personal vigilance and professional oversight helps to keep most systems intact

Individuals also have a role to play in reducing their exposure to cyberattacks. Simple measures such as using unique passcodes for different accounts, exercising caution with downloads and links, and installing antivirus software can significantly reduce personal vulnerability. 

Furthermore, in an era where AI threatens to automate many computing-related roles, cybersecurity expertise remains indispensable. As my friend so well described in my research for this article: “People will always be stupid with their security, so I will always have a job to stop them.” Many companies continue to hire specialists to ensure their systems remain secure; the reputational risk and potential fines are worth the investment. 

The combination of personal vigilance and professional oversight helps to keep most systems intact. 

Cyberattacks are a complex and evolving threat. They play an increasing role in geopolitics, especially for rogue states. Attacks also help shape the economy through disruption and financial loss and have created a need for a completely new sector of employment: cybersecurity. 

Cyberattacks are an inevitable cost of the digital dependence reality we live in. Combating the threat will require individual vigilance, organisational resilience, and strategic national investment in the correct frameworks. Only by recognising the real threats of cyberattacks and preparing ourselves can we remain in control of our digital future.