Attacks/Breaches
10/14/2014
03:10 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Cost Of A Data Breach Jumps By 23%

Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.

Paging the incident response team: It now takes a large organization an average of 31 days at a cost of $20,000 per day to clean up and remediate after a cyberattack, with the total price tag for a data breach now at nearly $640,000.

That's an increase of 23% over last year, says Larry Ponemon, chairman and founder of the Ponemon Institute, whose 2014 Global Report on the Cost of Cyber Crime, an annual look at what organizations end up paying after a breach, will be published tomorrow.

"The most surprising finding from this study was that it takes an average of 31 days to resolve a cyberattack, costing an average of $20,000 per day," says Ponemon, whose study was commissioned by HP. "It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it. The ability to remain under the radar enables the adversary to invade your system even further -- making it more difficult to eliminate the attack completely, and increasing overall costs."

Ponemon, which surveyed 257 large companies in seven countries, measured the costs of more than 1,700 attacks suffered by the firms. The average cost of an attack is $639,462, according to the report.

Sean Mason, global incident response leader at CSC, says it can cost up to $400 per hour for an IR for-hire team that's not on retainer, "especially if you're behind the eight ball and under the gun." IR firms already have fairly full caseloads, so it will cost you to "move up to the top of the queue."

Companies that have an IR firm on retainer will pay much less, Mason says.

The new Ponemon data underscores the importance of early detection and better preparation for breaches. IR experts have been preaching solid IR plans and fire drills as a way to ease the ultimate damage and cost of a breach. Marshall Heilman, a consultant with FireEye's Mandiant who investigates breaches for its clients, says ideally, the mean time to remediate from a breach should be less than one week. "How can you tell if your IR plan is working? If most organizations can get to under one week [to remediate], they're doing pretty well," he said at the MIRcon conference last week in Washington, DC.

By contrast, some large defense contractors can do so in 8-12 hours, he said. "That's awesome."

[Incident response pros share tips on how to have all your ducks in a row before the inevitable breach. Read How To Be A 'Compromise-Ready' Organization.]

The average cost of cybercrime per company in the US was $12.7 million this year, according to the Ponemon report, and US companies on average are hit with 122 successful attacks per year.

Globally, the mean annualized cost for the surveyed organizations was $7.6 million per year, ranging from $0.5 million to $61 million per company. Interestingly, small organizations have a higher per-capita cost than large ones ($1,601 versus $437), the report found.

Some industries incur higher costs in a breach than others, too. Energy and utility organizations incur the priciest attacks ($13.18 million), followed closely by financial services ($12.97 million). Healthcare incurs the fewest expenses ($1.38 million), the report says.

Malicious insider attacks cost the most for an organization ($213,542) and are the rarest form of attacks. DDoS attacks are a close second in cost ($166,545), according to the report. "The most expensive attacks are malicious insiders, denial of service, web-based attacks and malicious code. Malware attacks are most frequently encountered and, hence, represent a relatively low unit cost."

Mason says malicious insider attacks are likely more expensive because, unlike with most attacks, there's "a name and a face" associated with them. "Malicious insiders either took something or did something, and you put the weight of the company behind it, so it's going to incur a lot of costs."

Business disruption is the highest external cost, followed by information loss. Internally, detection is the priciest, the report says.

"Attackers only need one shot to gain access to an organization's data, which could result in a huge financial impact for the organization as well as reputational damage," Ponemon says. "It is critical for organizations to take preventative measures and invest in the security of their organization, as that investment could significantly decrease any financial losses that could occur from a public security breach."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/16/2014 | 4:10:42 PM
Re: Downloading the Ponemon report
Sure
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/16/2014 | 4:09:10 PM
Re: Downloading the Ponemon report
That research sounds intersting, @securityaffairs. I hope you can share some of your findings with us at some point.. 
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/16/2014 | 9:44:43 AM
Re: Downloading the Ponemon report
Hi Marlyn, 

I'm currently working to the analysis of the cost for the data breach that impacted 80% of South Korean ... it could have a social impact of different $ Billions ... and many other incident had similar or greater impact
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/16/2014 | 9:27:13 AM
Re: Downloading the Ponemon report
I totally agree with you, @securityaffairs. These numbers give us a window into the total cost -- and probably not the whole picture. But they the trend will be continue to grow higher over time.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/16/2014 | 5:46:36 AM
Re: Downloading the Ponemon report
Very interesting ... but I believe that it is just the ti of the iceberg ... a serious evaluation of the cost os a data breach is quite impossible for a multitude of factor that concurs to its qualification. 

Consider that in many cases analytic data are not available ...

the figures provided give us just an excellent view of the current trend ... but I believe that cost is higher

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/15/2014 | 1:11:53 PM
Downloading the Ponemon report
Here's a URL for how to get the full report, which went live today:

http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/index.html?jumpid=va_mq32xtevyi
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/15/2014 | 10:46:57 AM
Re: The real cost of security
"it's easier to impose security on a more uniform environment than on a complex, heterogeneous enterprise environment."

I agree with it. Some of these problems are coming from an old system that has been forgotten and not shutdown while everybody is happy on a new environment, this simple old technology would easily bring down whole enterprise network.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/15/2014 | 10:42:39 AM
Re: Pressure points for change
I agree. At the same time, some companies do not see the pressure of regulations. If you are not in contact with the government, it is less likely you cover the expense of putting proper measures in place coming from regulations.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/15/2014 | 10:38:23 AM
too much money
It looks like however you look at it recovering from an attack is always costlier than preventing it. What is more scary is that we have been hearing these attacks lately more often than earlier in the past so there is an exponential upward trend. It is time to take put different measure such as identify who is behind and punishing them for what they did.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/15/2014 | 10:35:57 AM
Re: Pressure points for change
Interesting. It's too bad, though, that it still takes compliance to force their hand. There should be a more strategic view about breach inevitability. 
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.