Do you own your own business? Or do you work for a business that has suffered a data breach? No matter what, business owners and employees have to face a new reality when it comes to the damage that can result from a data breach — and that is how much money is lost when hackers strike.
A new study says the average cost of a malicious data breach has risen to $840,000 — but that’s only an average, which means your company could suffer a far worse financial fallout. Even worse, most data breaches remain undetected for a long time, according to the Ponemon Institute study. The results showed it takes about three months to discover a malicious breach.
The Post Breach Boom
In order to understand the steps companies are taking to protect customers after data breaches, the Ponemon Institute surveyed 3,529 security professionals who had one or more data security breaches in the past 24 months. Highlights of the research include the following findings:
Data breaches are on the rise and organizations are unprepared to detect them or resolve them. According to the majority of respondents, data breaches have increased in both severity (54 percent) and frequency (52 percent) in the past 24 months. While 63 percent say that knowing the root causes of breaches strengthens their organization’s security posture, only 40 percent say they have the tools, personnel, and funding to pinpoint the root causes.
Breaches remain undiscovered and unresolved for months. On average, it is taking companies nearly three months (80 days) to discover a malicious breach and then more than four months (123 days) to resolve it.
Security defenses are not preventing a large portion of breaches. One third of malicious breaches are not being caught by any of the companies’ defenses—they are instead discovered when companies are notified by a third party, either law enforcement, a partner, customer or other party—or discovered by accident. Meanwhile, more than one third of non-malicious breaches (34 percent) are discovered accidentally.
Malicious breaches are targeting key information assets within organizations. Nearly half of malicious breaches (42 percent) targeted applications and more than one third (36 percent) targeted user accounts.
Impact and cost of breaches. On average, malicious breaches ($840,000) are significantly more costly than non-malicious data breaches ($470,000). For non-malicious breaches, lost reputation, brand value, and image were reported as the most serious consequences by participants. For malicious breaches, organizations suffered lost time and productivity followed by loss of reputation.