week 9

K1.9 The types of impacts that can occur within an organisation as a result of threats and vulnerabilities

When organisations face threats (e.g. cyberattacks, natural disasters, insider threats) or vulnerabilities (e.g. weak passwords, unpatched software, poor access control), the impacts can be serious and wide-ranging.

Below are the main types of impacts, with examples and explanations.

Danger to Life

🔐 Impact:

Breaches in health and safety policies can result in injury or even death, especially when IT systems are involved in critical areas such as healthcare, manufacturing, or security.

🧾 Example:

• A hacker disables a smart fire alarm system, delaying emergency response.

• A system error in a hospital causes incorrect dosages of medication to be given.

📌 Key Point:

IT systems increasingly control physical systems—when they fail, human life can be put at risk.

Privacy Impact

Impact:

Confidential and personal data can be exposed through data breaches, leaks, or unauthorised access.

Example:

• Employee records containing names, addresses, and bank details are stolen.

• A cybercriminal gains access to customer login information and sells it online.

Includes:

• Identity theft

• Business espionage

• Loss of customer trust

Property and Resources

Impact:

Attacks or errors can cause physical damage to equipment or IT resources, or make systems inaccessible.

Example:

• Malware corrupts the central server, making all systems unusable.

• An intruder physically damages the network cabinet in a data centre.

 Can include:

• Hardware damage

• Software/data corruption

• Loss of access to cloud platforms or network systems

Economic Impact

Impact:

Organisations can face financial losses from system downtime, ransom demands, fraud, or lost business.

Example:

• A company pays a ransom to restore encrypted data.

• An online retailer loses thousands of pounds due to a website outage during peak sales.

Consequences include:

• Cost of system recovery

• Loss of sales/revenue

• Increased insurance premiums

Reputational Impact

Impact:

Security incidents can damage trust in the business, affecting how customers, partners, and the public view the organisation.

Example:

• News spreads that a company has lost customer data due to poor cyber security.

• Negative media coverage leads to customer cancellations and drop in stock value.

Effects:

• Brand damage

• Loss of customer loyalty

• Decline in public confidence

Legal Impact

Impact:

Failing to meet legal responsibilities (e.g. GDPR, health and safety laws) can lead to prosecution, fines, or other penalties.

Example:

• A company fails to report a data breach within the legal timeframe and is fined.

• An employer is prosecuted after a preventable cyber-physical safety incident harms a worker.

Covers:

• Data protection laws

• Regulatory compliance

• Employee protection laws

Last Updated
2025-07-11 15:05:36