Dear Kasili! I advise you to get acquainted with the views of the professionals on this issue (in the Attachment).

Vladimir

The effects of cyber attacks are not necessarily intangible at all. They may be very real.

All depends on what digital system is being attacked. There is an increasing number of critical control systems that are more or less vulnerable to cyber attacks, and the effect of successful hacking can run the gamut from being a nuisance only, to being deadly. And even if not control systems, cyber attacks can affect the economy, one's personal finances, one's work products, intellectual property, and any number of aspects of people's lives, in extremely tangible ways.

Mr. Manfredi is absolutely right. Look, for instance, at Distributed Denial of Service (DDoS) attacks on business or government Internet gateways. These attacks are usually maliciously launched from botnets (a number of pre-hacked earlier computers around the globe) in order to hide who the real cybercriminals are, and can paralyze users’ access to those gateways for a long while.

Then people needed medications, transportation services, any type of emergency help, etc. are blocked from getting it done. Government agencies managing over the networks electrical grids, atomic stations, and other vitally important infrastructures can lose control with possibly following serious damages. Hence, your mention that “… its ability to cause casualties or physical damage is very limited.” should be reconsidered.

What does a cyberattack really cost? Regulatory fines, public relations costs, breach notification and protection costs, and other consequences of large-scale data breaches are well-understood. But the effects of a cyberattack can ripple for years, resulting in a wide range of “hidden” costs—many of which are intangible impacts tied to reputation damage, operational disruption or loss of proprietary information or other strategic assets...

https://www2.deloitte.com/us/en/pages/about-deloitte/articles/press-releases/deloitte-identifies-14-business-impacts-of-a-cyberattack.html

https://www2.deloitte.com/us/en/pages/risk/articles/hidden-business-impact-of-cyberattack.html

https://www2.deloitte.com/content/dam/Deloitte/us/Documents/risk/us-risk-beneath-the-surface-of-a-cyber-attack.pdf

I do not agree that "most cyberattacks produce intangible effects". To begin with it is a very vague statement. Secondly, why would you consider anything without tangible, observable effects to be an attack at all? I believe that any (successful) attack by definition needs to have some effects sometime, sometime being the keyword. For example: If commercial secrets are stolen by cyber espionage means, the "effect" may be intangible at the time, but after the thief has used the information (e.g. by selling their own cheaper products) it may eventually lead to bankrupcy for the victim, which is an extremely tangible effect.

There are many intangible effects of cyber attacks (fear, paranoia, apathy, complacency, risk, information overload, stress, reduced productivity, certification, etc.), though most of them link to tangible (training, cost, theft, policy, employment). 

It also depends on the perspective. If the attacker is the object: joy, accomplishment, reputation, knowledge.

Dear Mutambo,

This thesis is also useful for your work :

http://www.diva-portal.org/smash/get/diva2:1024766/FULLTEXT02.pdf

I'm not sure whether you are asking to see people's replies or really mean it but whatever the case, cyber attacks are real and have costed millions of dollars to benign and otherwise victims. Take for example  Hollywood Presbyterian Medical Hospital which this year literally paid $17000 just for a ransomware attack or consider the other lady at BBC whose work and thesis were too, attacked by ransomware, where the only remedy was to pay the criminal. So whether at individual or organisational level, cyber attacks have caused more harm and continue to mutate their complexity making it hard for us to keep up. Maybe it's intangible in some isolated instances of some context... otherwise what's the point of computer security! :)

Any cost that is unquantifiable value relating to the identifiable source is intangible. Losses in productivity, customer goodwill and drops in employee morale represent some of the expenses of intangible costs. The value of a farm does not represent in such expenditures. However, upper management can only designate an estimated impact of intangibles. When costs of the intangible are ignored, company’s performance can suffer significantly. Every cost that is tangible is habitually correlated with items that also have related intangible costs. A subjective value placed on circumstance or cyber attack event endeavors to quantify impacts are classified as intangibles.

Dear colleagues, most appreciated of your respective inputs that will assist in understanding of the rapidly ever-evolving cyber-attack phenomenon

 Operational risk is usually the topic which receives the least amount of attention; however, it may indeed be the risk that could cause the largest impact. After all, a ‘fat finger event’ at HanMag securities in Korea lead to the Korean Exchange utilising non-defaulting clearing members’ default fund contributions for the first time in memory, whereas in contrast the default of Lehman Brothers (a large clearing member of numerous CCPs) was dealt with effectively in the sense of having sufficient margin to cover exposures. The main subject of this article, however, is not ‘fat fingers’ but rather cyber-crime, another type of operational risk...

http://ds.thomasmurray.com/opinion/ccp-focus-%E2%80%93-intangible-risk-tangible-effects

Thank you once again, colleagues, the intangible effects are not easily quantified in the aftermath of an incident of the cyber attack. The intangible effects could include a firm's: reputation damage; loss of trust, low customers confidentiality, fears of privacy loss, among others. 

Thank you colleague for the invaluable additions

How to not get hacked

"A cyberattack can mean losing precious or sensitive files, such as health records, or having to pay a ransom to regain access to them. To prevent this from happening, “update your software regularly; implement firewall and antivirus solutions; control access and permissions to your systems; encrypt sensitive data”, says information-technology specialist Ildeberto Aparecido Rodello. If you’ve been hacked, “pull out the plugs and shut it down”, advises information-security expert Sarah Lawson. “Close it and then seek advice.”..."

https://www.nature.com/articles/d41586-024-00818-x