Rand Study: Average Data Breach Costs $200K, Not Millions

  /     /     /  
Publicated : 22/11/2024   Category : security


Rand Study: Average Data Breach Costs $200K, Not Millions


Rand taps multiple data sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.



The expense and impact of enterprise data breaches may be overblown, according to a new study from the Rand Corp.
We find that the typical cost of a data breach is less than $200,000, far lower than the millions of dollars often cited in surveys (e.g.
Ponemon 2015
), writes Sasha Romanosky, author of the Rand study,
Examining the costs and causes of cyber incidents
, released Tuesday. The study goes on to say that $200,000 is about what most companies spend annually on information security.
In May 2015, the Ponemon Institute placed the cost of an individual data breach at
$3.5 million
, which the consultancy said was a 15 percent increase from the year before. While Ponemon surveyed 314 companies in 10 countries, the Rand study drew on data from more than 12,000 cyber incidents between 2004 and 2015.
Rand also found that cyber incidents cost firms a mere 0.4% of annual revenues on average. By comparison, overall rates of corruption, financial misstatements, and billing fraud account for 5% of annual revenues, followed by retail shrinkage (1.3%), followed by online fraud (0.9%).
In other words, losses from security breaches are just another cost of doing business, the authors imply.
Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think, Romanosky said in a statement, the onslaught of headlines about breaches and hacks notwithstanding. It may be bad for you if you are the victim, but it doesn’t change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You cant begrudge them for working that way.
The Rand researchers used data on cyber incidents collected by
Advisen
, a company that provides information on corporate losses to the insurance industry, using local and national news sources. Advisen also uses information from online data breach clearinghouses, state and federal agencies, and Freedom of Information Act (FOIA) requests.
Rand researchers tracked four types of security events:
Data breaches, or unauthorized disclosure of personal information, which Rand reports as the most common of the four events.
Security incidents, or what Rand calls malicious attacks directed at a company.
Privacy violations, or alleged violation of consumer privacy.
Phishing/skimming incidents (individual financial crimes).
Rands research shows that financial services (including insurance) endured the greatest number security breaches, followed by healthcare, government, education, manufacturing, and information services. But Romanosky and his team then took the number of incidents and divided it by the number of firms within each sector to come up with an incident rate to see whos at greatest risk. By that measure, government entities are the highest risk, followed by education, information services, and financial services.
When contacted by Dark Reading, Larry Ponemon, founder of the Ponemon Institute, said his organization collects and presents data differently than Rand, traveling the globe to collect data directly and not relying on surveys or third-party data.
One potential issue he cited in using insurance claims data was the large deductibles that arent always calculated in the final costs. Another issue with claims is that policies dont cover all the costs that we captured, he adds. One cost we found was business disruption where companies spend weeks or months trying to clean up their systems and get them back online.
Ponemon commends the Rand researchers for including mean and median data in their study. We dont have all the answers, so its important for companies to do this kind of inquiry, he adds.
Related Content:
Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
Security Staff Shortages Incur Higher Breach Recovery Costs
Average Cost Of Data Breaches Rises Past $4 Million, Ponemon Says
 

Last News

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Rand Study: Average Data Breach Costs $200K, Not Millions