If you had any doubt that security breaches cost companies a lot, it is all clear now – the damages companies have to deal with after one breach are overwhelming! According to recent reports by te Ponemon Institute, organizations get hit by at least one successful attack per week, and the annualized cost to their bottom lines from the attacks ranges from1 million to 53 million USD per year. The reports were based on the analysis of 45 U.S. organizations hit by data breaches.
Ponemon Institute’s released two separate reports, ”The First Annual Cost of Cyber Crime Study” (PDF), which was sponsored by ArcSight, “The Leaking Vault” (PDF) released today by the Digital Forensics Association, both showing troubling findings for companies’ finances:
- a median cost of $3.8 million for an attack per year, including all costs, from detection, investigation, containment, and recovery to any post-response operations.
- out of 2,807 publicly disclosed data breaches worldwide during the past five years, the cost to the victim firms as well as those whose information was exposed reached $139 billion.
- nearly half of all of the reported breaches came from a laptop, which in 95 percent of the cases is stolen
- hacks led to the most stolen records during 2005 to 2009, with 327 million of the 721.9 million covered in the report, although hacks represent only about 16 percent of the data breaches
- Web-borne attacks, malicious code, and malicious insiders are the most costly types of attacks, making up more than 90 percent of all cybercrime costs per organization per year
- A Web-based attack costs 143,209 USD; malicious code, 124,083 USD; and malicious insiders, 100,300 USD.
“Information theft was still the highest consequence — the type of information [stolen] ranged from a data breach of people’s [information] to intellectual property and source code,” says Larry Ponemon, CEO of the Ponemon Institute. “We found that detection and discovery are the most expensive [elements].”