Attacks/Breaches
10/14/2014
03:10 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Cost Of A Data Breach Jumps By 23%

Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.

Paging the incident response team: It now takes a large organization an average of 31 days at a cost of $20,000 per day to clean up and remediate after a cyberattack, with the total price tag for a data breach now at nearly $640,000.

That's an increase of 23% over last year, says Larry Ponemon, chairman and founder of the Ponemon Institute, whose 2014 Global Report on the Cost of Cyber Crime, an annual look at what organizations end up paying after a breach, will be published tomorrow.

"The most surprising finding from this study was that it takes an average of 31 days to resolve a cyberattack, costing an average of $20,000 per day," says Ponemon, whose study was commissioned by HP. "It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it. The ability to remain under the radar enables the adversary to invade your system even further -- making it more difficult to eliminate the attack completely, and increasing overall costs."

Ponemon, which surveyed 257 large companies in seven countries, measured the costs of more than 1,700 attacks suffered by the firms. The average cost of an attack is $639,462, according to the report.

Sean Mason, global incident response leader at CSC, says it can cost up to $400 per hour for an IR for-hire team that's not on retainer, "especially if you're behind the eight ball and under the gun." IR firms already have fairly full caseloads, so it will cost you to "move up to the top of the queue."

Companies that have an IR firm on retainer will pay much less, Mason says.

The new Ponemon data underscores the importance of early detection and better preparation for breaches. IR experts have been preaching solid IR plans and fire drills as a way to ease the ultimate damage and cost of a breach. Marshall Heilman, a consultant with FireEye's Mandiant who investigates breaches for its clients, says ideally, the mean time to remediate from a breach should be less than one week. "How can you tell if your IR plan is working? If most organizations can get to under one week [to remediate], they're doing pretty well," he said at the MIRcon conference last week in Washington, DC.

By contrast, some large defense contractors can do so in 8-12 hours, he said. "That's awesome."

[Incident response pros share tips on how to have all your ducks in a row before the inevitable breach. Read How To Be A 'Compromise-Ready' Organization.]

The average cost of cybercrime per company in the US was $12.7 million this year, according to the Ponemon report, and US companies on average are hit with 122 successful attacks per year.

Globally, the mean annualized cost for the surveyed organizations was $7.6 million per year, ranging from $0.5 million to $61 million per company. Interestingly, small organizations have a higher per-capita cost than large ones ($1,601 versus $437), the report found.

Some industries incur higher costs in a breach than others, too. Energy and utility organizations incur the priciest attacks ($13.18 million), followed closely by financial services ($12.97 million). Healthcare incurs the fewest expenses ($1.38 million), the report says.

Malicious insider attacks cost the most for an organization ($213,542) and are the rarest form of attacks. DDoS attacks are a close second in cost ($166,545), according to the report. "The most expensive attacks are malicious insiders, denial of service, web-based attacks and malicious code. Malware attacks are most frequently encountered and, hence, represent a relatively low unit cost."

Mason says malicious insider attacks are likely more expensive because, unlike with most attacks, there's "a name and a face" associated with them. "Malicious insiders either took something or did something, and you put the weight of the company behind it, so it's going to incur a lot of costs."

Business disruption is the highest external cost, followed by information loss. Internally, detection is the priciest, the report says.

"Attackers only need one shot to gain access to an organization's data, which could result in a huge financial impact for the organization as well as reputational damage," Ponemon says. "It is critical for organizations to take preventative measures and invest in the security of their organization, as that investment could significantly decrease any financial losses that could occur from a public security breach."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
aws0513
50%
50%
aws0513,
User Rank: Ninja
10/15/2014 | 10:31:02 AM
Pressure points for change
Good article.  It is helpful to see generalized quantification of the costs related to IR and breach remediation.

But I have found that compliance pressure still has an upper hand on changing security programs within organizations.  If an organization cannot resolve audit findings, there is more and more pressure from the regulatory side of the house when they threaten to cut funding or accesses necessary for business to continue.  It seems that organization managers feel more immediate pressure from these forms of punishment.  It is a known known as opposed to an known unknown.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/15/2014 | 9:54:23 AM
Re: Cost of a breach
"I guess you are only fined when you fail an audit, but not when you are breached."

Great point, @jsturonas600 Says a lot about regulatory effectiveness (or lack thereof)
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
10/14/2014 | 10:09:47 PM
The real cost of security
The better it's understood what these attacks really cost, the better financed the security team is likely to be. In the end, secure cloud operations, if such a thing doesn't become an oxymoron, will be a powerful argument to do enterprise computing there. It's easier to impose security on a more uniform environment than on a complex, heterogeneous enterprise environment.  
Broadway0474
50%
50%
Broadway0474,
User Rank: Apprentice
10/14/2014 | 10:07:00 PM
Re: Cost of a breach
In many states, public companies that are breached have to pay for public notification of the event, then pay for every affected consumer to get credit services. Couldn't those charges be considered "de facto fines"?
jsturonas600
50%
50%
jsturonas600,
User Rank: Apprentice
10/14/2014 | 9:29:04 PM
Cost of a breach
it is interesting that while we hear about the importance of compliance for regulations around protecting sensitive information, the cost of a breach does not seem to include any fines from the industry that are regulating the sensitive information. Maybe there are fines, but they pale in comparison to the other losses, but I am not aware of any fines being issued for any of the most recent breaches. I guess you are only fined when you fail an audit, but not when you are breached. 
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
10/14/2014 | 4:00:54 PM
Those malicious insiders...
 "The most expensive attacks are malicious insiders, denial of service, web-based attacks and malicious code. Malware attacks are most frequently encountered and, hence, represent a relatively low unit cost."

Malicious insiders still a key threat.  This definitely ties into the need for more practive controls including employee training, but also ensuring the right data policies are in place to make sure users only have access to what they should have access to based on role.  Additionally, ensuring that the right policies are in place to deal with removing users from access, and managing the right controls for third parties and contractors.
Kelly Jackson Higgins
100%
0%
Kelly Jackson Higgins,
User Rank: Strategist
10/14/2014 | 3:55:09 PM
Re: Cost +
Those would definitely be interesting elements in the fallout analysis, @IMjustinkern. As we've seen, stock prices tend to rebound fairly well in some of the big retail companies. =)
IMjustinkern
50%
50%
IMjustinkern,
User Rank: Strategist
10/14/2014 | 3:52:41 PM
Cost +
Ponemon always does a solid job with these surveys. Sobering but important to put financial figures behind this. I wonder if there's a way for future surveys to summarize "secondary" sources of fiscal damage? I'm thinking drops in stock value? Or something noting how many people were canned or resigned from a huge breach? I don't think these figures would be out of line in the "cost" side of a breach and would certainly catapult the impact.
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.