- TfL shares its first-ever estimate of the cyberattack’s cost
- It is around $38m, with a significant part going to external help
- Experts call upon tighter cooperation to protect critical infrastructure
To address the cyber attack Transport for London (TfL) suffered in September this year, the organization has had to spend around £30 million (roughly $38 million), it was confirmed.
This was the first time TfL tried to estimate the financial cost of the cyberattack, The Standard writes in its report, adding that more data will be available in the coming weeks.
In early September, the local government body responsible for managing the transportation system in Greater London reported suffering a cyber-incident, and a few weeks later, a teenager was arrested.
No insurance
A subsequent investigation determined that certain customer data was accessed and stolen, possibly including bank account numbers and sort codes.
A spokesperson to the organization was cited saying that it’s still too early to determine the full financial impact of the attack, since there are “a range of costs associated with managing and mitigating the cyber incident”, on which TfL has already spent around £5m. That, The Standard further clarifies, includes “external support” – third-party cybersecurity organizations that help respond and remedy the attack. “There are also costs associated with delays to some projects as well as costs that ensured we could keep London moving while we dealt with the incident.
TfL is still working on restoring its “back office”, it was said, and has recently started accepting applications for concessionary fares. To make matters worse, the organization was not insured against cyber-attacks since, as the publication cites, such risk is “borderline uninsurable”.
“Every single penny that we’ve needed to divert to responding to the cyber incident is a penny we cannot use for the benefit of customers and the benefit of improving services around London,” TfL chief finance officer Rachel McLean allegedly told the board.
“The £5m already spent has been funded out of TfL’s central contingency budget and we are doing everything we can to mitigate the impact and reduce the final cost.
“Due to their importance, safeguarding critical national infrastructure is vital to maintain order and prevent potential disasters caused by threats such as cyber-attacks,” commented Spencer Starkey, Executive VP of EMEA at cybersecurity pros SonicWall.
“Ensuring the cybersecurity of critical national infrastructure requires a comprehensive and ongoing effort. The ramifications of an attack and ensuing outage on CNI can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing them.”
Starkey called for “constant communication and cooperation,” as teamwork between private and public sectors, and imposing strict punishment, is the best way to protect critical infrastructure.
Via The Standard