Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/14/2014
03:10 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

Cost Of A Data Breach Jumps By 23%

Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.

Paging the incident response team: It now takes a large organization an average of 31 days at a cost of $20,000 per day to clean up and remediate after a cyberattack, with the total price tag for a data breach now at nearly $640,000.

That's an increase of 23% over last year, says Larry Ponemon, chairman and founder of the Ponemon Institute, whose 2014 Global Report on the Cost of Cyber Crime, an annual look at what organizations end up paying after a breach, will be published tomorrow.

"The most surprising finding from this study was that it takes an average of 31 days to resolve a cyberattack, costing an average of $20,000 per day," says Ponemon, whose study was commissioned by HP. "It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it. The ability to remain under the radar enables the adversary to invade your system even further -- making it more difficult to eliminate the attack completely, and increasing overall costs."

Ponemon, which surveyed 257 large companies in seven countries, measured the costs of more than 1,700 attacks suffered by the firms. The average cost of an attack is $639,462, according to the report.

Sean Mason, global incident response leader at CSC, says it can cost up to $400 per hour for an IR for-hire team that's not on retainer, "especially if you're behind the eight ball and under the gun." IR firms already have fairly full caseloads, so it will cost you to "move up to the top of the queue."

Companies that have an IR firm on retainer will pay much less, Mason says.

The new Ponemon data underscores the importance of early detection and better preparation for breaches. IR experts have been preaching solid IR plans and fire drills as a way to ease the ultimate damage and cost of a breach. Marshall Heilman, a consultant with FireEye's Mandiant who investigates breaches for its clients, says ideally, the mean time to remediate from a breach should be less than one week. "How can you tell if your IR plan is working? If most organizations can get to under one week [to remediate], they're doing pretty well," he said at the MIRcon conference last week in Washington, DC.

By contrast, some large defense contractors can do so in 8-12 hours, he said. "That's awesome."

[Incident response pros share tips on how to have all your ducks in a row before the inevitable breach. Read How To Be A 'Compromise-Ready' Organization.]

The average cost of cybercrime per company in the US was $12.7 million this year, according to the Ponemon report, and US companies on average are hit with 122 successful attacks per year.

Globally, the mean annualized cost for the surveyed organizations was $7.6 million per year, ranging from $0.5 million to $61 million per company. Interestingly, small organizations have a higher per-capita cost than large ones ($1,601 versus $437), the report found.

Some industries incur higher costs in a breach than others, too. Energy and utility organizations incur the priciest attacks ($13.18 million), followed closely by financial services ($12.97 million). Healthcare incurs the fewest expenses ($1.38 million), the report says.

Malicious insider attacks cost the most for an organization ($213,542) and are the rarest form of attacks. DDoS attacks are a close second in cost ($166,545), according to the report. "The most expensive attacks are malicious insiders, denial of service, web-based attacks and malicious code. Malware attacks are most frequently encountered and, hence, represent a relatively low unit cost."

Mason says malicious insider attacks are likely more expensive because, unlike with most attacks, there's "a name and a face" associated with them. "Malicious insiders either took something or did something, and you put the weight of the company behind it, so it's going to incur a lot of costs."

Business disruption is the highest external cost, followed by information loss. Internally, detection is the priciest, the report says.

"Attackers only need one shot to gain access to an organization's data, which could result in a huge financial impact for the organization as well as reputational damage," Ponemon says. "It is critical for organizations to take preventative measures and invest in the security of their organization, as that investment could significantly decrease any financial losses that could occur from a public security breach."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/16/2014 | 4:10:42 PM
Re: Downloading the Ponemon report
Sure
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/16/2014 | 4:09:10 PM
Re: Downloading the Ponemon report
That research sounds intersting, @securityaffairs. I hope you can share some of your findings with us at some point.. 
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/16/2014 | 9:44:43 AM
Re: Downloading the Ponemon report
Hi Marlyn, 

I'm currently working to the analysis of the cost for the data breach that impacted 80% of South Korean ... it could have a social impact of different $ Billions ... and many other incident had similar or greater impact
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/16/2014 | 9:27:13 AM
Re: Downloading the Ponemon report
I totally agree with you, @securityaffairs. These numbers give us a window into the total cost -- and probably not the whole picture. But they the trend will be continue to grow higher over time.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
10/16/2014 | 5:46:36 AM
Re: Downloading the Ponemon report
Very interesting ... but I believe that it is just the ti of the iceberg ... a serious evaluation of the cost os a data breach is quite impossible for a multitude of factor that concurs to its qualification. 

Consider that in many cases analytic data are not available ...

the figures provided give us just an excellent view of the current trend ... but I believe that cost is higher

 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/15/2014 | 1:11:53 PM
Downloading the Ponemon report
Here's a URL for how to get the full report, which went live today:

http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/index.html?jumpid=va_mq32xtevyi
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/15/2014 | 10:46:57 AM
Re: The real cost of security
"it's easier to impose security on a more uniform environment than on a complex, heterogeneous enterprise environment."

I agree with it. Some of these problems are coming from an old system that has been forgotten and not shutdown while everybody is happy on a new environment, this simple old technology would easily bring down whole enterprise network.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/15/2014 | 10:42:39 AM
Re: Pressure points for change
I agree. At the same time, some companies do not see the pressure of regulations. If you are not in contact with the government, it is less likely you cover the expense of putting proper measures in place coming from regulations.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
10/15/2014 | 10:38:23 AM
too much money
It looks like however you look at it recovering from an attack is always costlier than preventing it. What is more scary is that we have been hearing these attacks lately more often than earlier in the past so there is an exponential upward trend. It is time to take put different measure such as identify who is behind and punishing them for what they did.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/15/2014 | 10:35:57 AM
Re: Pressure points for change
Interesting. It's too bad, though, that it still takes compliance to force their hand. There should be a more strategic view about breach inevitability. 
Page 1 / 2   >   >>
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.