We've updated our policy regarding how we treat and protect data that is collected and used from our websites. This site also uses cookies which are necessary to its functioning and required to achieve the purposes illustrated in the policy. By using this site you agree to our use of cookies. Please read our Privacy Policy for more information and your related choices.

Getting Hacked: A Look at the Damage Hackers Cause

Having your website hacked is a colossal headache. Layers of content are going to be de-ranked in the major search engines, you may have to delete and reinstall your entire site, and there is an immediate anti-trust barrier that's established between you and your customers that were subject to any malicious material post-hack.

But, having your website hacked does more damage than you may think. Today, we're going to explore the damage a hack can do, and how having your website hacked could put your entire company/organization at risk.

This post was fueled by reading the account of how 18 million websites were hacked during WordPress's largest security breach. Let's see how having a hacked website can destroy your online presence, impact your customers, and damage your search engine rankings.

Your Customers

After your website suffers from a successful hacking attempt, the first people that are going to suffer are likely going to be your customers. Since they are the ones who's security is most at risk, they are going to be the ones that are immediately impacted.

Their suffering will, in turn, be reflected in your company. Customer's simply lose trust in a company that has been subject to a security breach.

Here are some statistics that back this up:

  • In a survey from FireEye, 72% of customers said that they would no longer trust a website that had been subject to a security breach.
  • According to the Internet Society's 2016 report, 52% of customers will not do business with a company that has ever had a security breach.

If you've been subject to a security breach, you need to inform your customers immediately. Finding a way to squirm your way around the apologizing for the hack can be difficult. Forbes has a great article where J.J. Thompson, CEO at Rook Security, talks about some great methods to implement post-hack to save as many customers as possible.

The Cost

What is the cost of getting your website hacked? According to a multi-country ransomware study sponsored by Malwarebytes on 1,054 companies with less than 1,000 employees, its $100,000 per event - 22% of which had to cease operations immediately. The U.S.' National Cyber Security Alliance places the cost at around $690,000, which is probably why 60% of small businesses that get hacked go out of business within 6 months.

That means that over half of small businesses that are subject to a hacking attempt will go out of business in half a year. To make things scarier, SiteLock reported that a typical small business is subject to 44 hacking attempts per day! Let's say that again. 44 hacking attempts every single day.

Let's look at some other statistics that will help give you some insight into the cost of being hacked.

  • If your company has moved past the "small business" title, the average cost of a malware attack goes up to $2.4 million according to Accenture.
  • If any customer records were subject to hackers during the hack, you're looking at an average cost of $255 per customer record that was stolen.
  • If we include the loss of goodwill, increased customer acquisition costs, and the overall lack of trust associated with a hack, the average business is looking at a cost of $4.13 million.
  • Total cybercrime damage is projected to be around $6 trillion a year by 2021.
  • Money aside, the average time cost after a malware attack is 50 days.

Search Engine Rankings

Starting last year, DigiCert began revoking SSL certificates from websites that they found were subject to hacks — ranging from small-scale phishing injections to large-scale virus hacks.

Having your HTTPS certificate revoked results in an immediate ranking hit. Not only is Google punishing websites for not having a certificate in ranking, but Google Chrome is also displaying non-HTTPS sites as "not secure" when users visit them.

Having your website hacked can result in your website-security status as being "insecure" and your pagerank that you worked so hard to obtain stripped from you entirely. As HTTPS moves forward, certificate authorities are stripping privileges away from websites that have malicious material more regularly in an attempt to protect end-users.

According to Ahrefs, the 1st page Google content is 2+ years old. If you've worked hard to make it to the top of Google, getting hacked can completely destroy your multi-year ranking strategy.

Open-Source CMSs

If your website uses an open-source CMS, hacking should be at the forefront of your mind. By nature, open-source content management systems have critical security issues. These open-source environments that promote "shared development" dissolve responsibility by nature, while vulnerabilities are actively sought by a massive community of both hackers and security analysts — leading to a constantly evolving framework of vulnerabilities.

As an example, Over 90,000 attacks are happening to WordPress websites per minute according to WordFence.

Currently, Drupal is in the middle of highly critical core issues, which is the third highly critical security flaw that they have had this year.

At the same time, Joomla! is having their own XSS and file inclusion vulnerabilities this year.

While Joomla! and Drupal certainly aren't secure, WordPress has so many issues with plugins, core vulnerabilities, and themes, that it stands out as the most vulnerable CMS at the moment. In fact, over  70% of all WordPress websites are vulnerable right now!

Since WordPress accounts for over 30% of all websites, and, as we continually point out, it has massive security problems, hacking directly affects WordPress users. Hackers are targeting WordPress at alarming rates — both because it's so big and because it's so vulnerable.

WordPress websites are particularly vulnerable to cryptojacking attempts via plugins. In 2017, crypto jacking attacks rose by over 8,000%.

Sucuri's annual report showed that WordPress, Joomla!, and Magento were all far-and-away the most hacked CMS's on the planet.

Time to Deal with Website Security

Website security has never been more critical than it is now. The cost of having your website hacked is massive, the trust that you lose in your customers could sink your business, and the most popular CMS's are all subject to an insane amount of hacks every single day. There's a reason that cybersecurity costs are predicted to be over $1 trillion annually within the next few years. Companies are reacting to the incredibly unstable climate of cybersecurity.

Investing in cybersecurity can be daunting.  Another approach is to simply find a website builder and hosting solution that puts security first – that keeps you and your clients secure.