Dive Brief:
- After observing a unique dataset of over 12,000 cyber incidents recorded between 2004 and 2015, a report from the Journal of Cybersecurity found the average cost of a data breach is less than $200,000, a figure far below "the millions of dollars often cited in surveys."
- Finance and insurance, healthcare, and government entities suffered the highest number of reported breaches of all industries, in that order, according to the report.
- The authors also found that despite popular belief, the number of malicious incidents — as opposed to accidental ones — has not increased, remaining steady at 60% over the past decade.
Dive Insight:
Cybersecurity and the best practices to protect data have been on the Obama Administration's radar for a while now. In 2013, the president signed an executive order to help secure critical national infrastructure from cyber data breaches and subsequently created the National Institute of Standards and Technology. In February this year, he even requested $19 billion to support a "broad-based cybersecurity strategy."
Though the administration has taken steps to develop standards around cybersecurity, NIST's recommendations are still voluntary. The recent report sought to understand whether firms have incentives to adopt cybersecurity standards, given the costs and causes of data breaches.
After observing data from 12,000 cybersecurity incidents, the authors found the costs of cyber incidents to be much lower than the public tends to believe, particularly when compared to "bad debts and fraud" in other industries.
"The findings suggest that public concerns regarding the increasing rates of breaches and legal actions may be excessive compared to the relatively modest financial impact to firms that suffer these events," according to the report.
The data shows that cyber incidents cost firms only 0.4% of their annual revenues, much lower than retail shrinkage (1.3%), online fraud (0.9%), and overall rates of corruption, financial misstatements and billing fraud.
In answering how much a firm ought to spend on IT security, the report shows that half of cyber events cost a firm an amount approximately equal to its annual investment in IT security. However, the authors don't offer a definitive answer on whether a firm ought to be investing its entire budget in cybersecurity initiatives.
"On one hand, an executive who is skeptical of security investments may believe that unless a firm incurs a breach every year, it is wasting its IT security investment every year it does not suffer a breach," according to the report. "Alternatively, it may imply that a firm can expect to lose the equivalent of its IT security budget each time it suffers a data breach or security incident."