This Is How Much a Mega Breach Really Costs

  /     /     /  
Publicated : 22/11/2024   Category : security


This Is How Much a Mega Breach Really Costs


The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.



Companies hit with a data breach pay an average of $3.86 million around the world, marking a 6.4% increase from last year. Its no small amount for any company, but a few million is only a small fraction of the cost of mega breaches, which compromise at least 1 million records.
The 2018 Cost of a Data Breach Study, sponsored by IBM Security and conducted by the Ponemon Institute, annually evaluates the total cost of security incidents. This marks the first time researchers calculated costs associated with breaches ranging from 1 million to 50 million lost records.
So whats the damage? It turns out massive security breaches come with equally large price tags, ranging from $40 million for 1 million records lost to $350 million for 50 million records lost.
Researchers had been wanting to dig into the financial impact of mega breaches but previously lacked the data to do so, explains Caleb Barlow, vice president at IBM Security.
You have to remember if we go back three or four years ago, when you got into these scenarios, unless they were credit-card-related, companies didnt need to disclose, he says. Now, as a result of breach disclosure laws, analysts have more data to work with.
As for the overall price increase of 6.4%, Barlow says the most concerning aspect isnt the percentage itself, but the fact it continues to grow at all. The potential impact on consumers, and the companies supporting them, has become significant enough to gain board-level attention.
With the average cost just under $4 million – and [were] not talking about mega breaches when we say $4 million – the fact this continues to grow is indicative that we as an industry havent got our arms around this yet, he says.
According to the study, most data breaches (48%) come from malicious or criminal attacks, which are the most expensive, at $157 per capita. Twenty-seven percent are caused by human error – for example, negligent employees or contractors ($131 per capita). One-quarter result from system glitches, including both technical and business process failures ($128 per capita).
Hundreds of factors
influence the cost of a data breach. Third-party involvement is the most significant: If a third party causes an incident, it costs the company about $13 per record stolen, the report reveals. Every company nowadays is not a product only of what they do, but their supply chain as well, Barlow points out. Extensive cloud migration and compliance failure both contribute to the growing cost, adding about $12 per record to the total expense. 
One of the factors researchers can better calculate is the reputational side of breach cost, including customer churn and brand damage. If a customer decides not to conduct business with a company due to a breach, or to wait to process a transaction, it can have a pretty devastating impact, he continues. Attackers are taking notice.
Not only is that potential impact understood now in the cost of a data breach, but its something the adversary is very much aware of as well, Barlow says. Companies with less than 1% loss of existing customers have an average breach cost of $2.7 million. Researchers estimate those with a churn rate over 4% face an average cost of $4.9 million.
Cost of data breach disclosure is another pricey factor, and its highest in the United States. Not only is the attack surface larger there compared with other nations, but there are also 49 unique breach disclosure laws to deal with. Companies will likely have to handle the process differently in each jurisdiction where they do business, increasing the cost of alerting users.
Fortunately, a few practices can lessen the financial burden of a data breach.
There are definitely some things that can reduce the cost, says Barlow, and not just breach prevention. This marks the second year in a row that incident response – having a team and plan in place for remediation – is the top cost-cutting measure ($14 per record).
Extensive use of encryption is another cost saver, cutting about $13 per record, followed by business continuity management (BCM) involvement and employee training ($9.30 each), participation in threat sharing ($8.70), artificial intelligence platforms ($8.20), and use of security analytics ($6.90).
Related Content:
Major International Airport System Access Sold for $10 on Dark Web
What We Talk About When We Talk About Risk
7 Ways to Keep DNS Safe
Data Breaches at Timehop, Macys Highlight Need for Multi-Factor Authentication
 
 
 
Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
 and
to register.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
This Is How Much a Mega Breach Really Costs