Data leakage is becoming more expensive: the average size of company losses due to hacking rose to $ 4 million

Every month, information appears on the network that the servers of a particular company have been hacked, the data of users or employees have been stolen, and the company is suffering losses. News of this kind has long become familiar, as hackers crack corporate networks quite often. The main motive of hackers is material gain or corporate secrets. How much does the company itself cost such a hack?

Our company, together with the Ponemon Institute, conducted an analysis of a number of attacks carried out by hackers this year and last year. The results of the study clearly show the growth of losses for a company that has become a victim of hackers, with subsequent data leakage. The average amount of losses in this case is about $ 4 million. In 2013, this figure was 29% lower. Attacks of hackers are becoming more powerful and complex, they are made more often than before. So, in 2015, the number of such incidents increased by 64%.

According to another study, the cost of leaking a unit of data when hacking (for example, information on one client of the company) is $ 158. This is an average figure for companies of all types. If we are talking about medicine, then this figure is higher, amounting to $ 355 for leaking a unit of data. This is $ 100 more than in 2013.
')

Why is conventional hacking so expensive?

The fact is that most of the companies that become victims of intruders, simply do not make plans for the case of hacking. Naturally, such incidents occur suddenly. And here the speed of the company's response to the incident is important. The more time it takes to react, the greater the loss. The faster the company responds, the smaller the loss (at a normal reaction rate, the average amount of losses decreases by $ 400,000, or by $ 16 per data row). As we found out, about 70% of companies simply do not have a plan in case of a hack.

And the process of responding to such incidents is quite complicated, it takes a long time to solve the problem. We advise to have such a plan in stock, and in case of a problem, use it. Among the other points of the plan we recommend the following:
• Involving information security experts (our own IT staff or invited experts) to quickly localize the source of the data leak and solve the leak problem;
• Collaborate with law enforcement, government agencies and regulators. It helps to find intruders, and, in some cases, to avoid fines;
• Communication with users, partners and shareholders;
• Helpline for affected customers.

Doing each of the points listed above helps save valuable staff and management time. As a result, everyone performs their own duties, and each employee knows what needs to be done at a specific point in time.
The "quick response" team is only working on solving the problem of eliminating the leak, finding out in passing what data was compromised and how.

In the course of analyzing the leakage data, we found that the longer it takes to solve a problem, the more difficult and expensive the solution will be. This may seem obvious, but not all companies or specialists understand this. If the average cost of a quickly resolved hacking problem is about $ 3.23 million, then the leaks, which were not immediately detected, but, for example, 100 days after the incident, cost the company $ 1 million more.

How do we all know this?

The study was conducted on the basis of a large amount of data on perfect hacks. In the course of work on the preparation of the report, we took into account the direct and indirect costs of companies to solve burglary problems. We interviewed representatives of more than 400 companies from around the world. The questions concerned the main factors leading to losses in solving the problem of hacking, as well as reputational risks and risks of total loss of business.

“For several years of research, we interviewed more than 2000 organizations working in various fields. As a result, we found out that data breaches during hacking are now an integral part of doing business for the vast majority of respondents, ”said Larry Ponemon, a representative of the Ponemon Institute. “Obviously, companies when planning their work should consider the possibility of hacking, making a plan in case of data leakage.”

As it turned out, the probability of data leakage for the company as a result of a hacker attack is 26% for the next 24 months. In other words, every third organization will be hacked in the next 2 years.

As for the report, its full version is available here. There are also reports for specific countries, including the UK, USA, Germany, Australia, France, Brazil, Japan, Canada, South Africa, India, Italy and Arab countries.

As for your own company, the possible risks and losses can be calculated with the help of a special service created by us in cooperation with the Ponemon Institute.