Survey: Financial Costs of a Cyber Attack Increasing Year over Year

Nov. 28, 2017
Enterprise organizations that have been impacted by cyber breaches report that monetary losses from cybersecurity events have increased year over year, according to the 2017 U.S. State of Cybercrime survey.

Enterprise organizations that have been impacted by cyber breaches report that monetary losses from cybersecurity events have increased year over year, according to the 2017 U.S. State of Cybercrime survey.

Looking at the financial ramifications of cyber attacks, the survey notes that there are many metrics to measure the impact of an attack, both hard costs and time as well as reputation. One thing that cannot be disputed is the financial costs of a cyberbreach. The survey found that 21 percent of enterprises report that monetary losses from cybersecurity events have increased year over year. In fact, enterprise organizations estimate financial losses at an average of $884,000, compared to estimates of $471,000 from the previous year.

The survey aims to provide a look into the state of U.S. cybersecurity, revealing how security and business leaders are defending their organizations, the top threats they are facing as well as ramifications when an attack occurs. The survey is a collaborative effort between CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service and Forecepoint. The survey was published by IDG Communications.

The survey found that the prominence of security continues to be elevated within organizations. Thirty-five percent of top security executives report to the CEO, and 50 percent have security leadership brief the board of directors at least quarterly.

Almost half of organizations (48 percent) have seen budget increases for security, resulting in an average IT security budget of $11 million, and an additional $9 million dedicated to physical security.

Organizations are using these growing budgets to put tools and processes in place to keep data and assets secure, and to address anomalies. To catch insiders who may have malicious intent, 58% of organizations monitor user behavior.

To address concerns about trusted partners steps are being taken outside of organization walls, as 47 percent are evaluating their supply chain vendors and partners to ensure approved security practices are in place before signing a contract. To ensure security practices are maintained, 58 percent of enterprise organizations (1,000+ employees) require business partners to sign service-level agreements to specify cybersecurity standards.

However, despite increased budgets and C-level support, security leaders’ concerns over cyber threats is growing Three quarters of security leaders are more concerned about cybersecurity threats now than there were in 2016, according to the survey.

Looking at the who and how behind cyber incidents, the majority of organizations that have identified a breach (79 percent), claim that the event was committed by an outsider. In addition, 31 percent of  organizations responding to the survey had at least one insider incident in 2016, however, 76 percent of those incidents were handled internally, without involving legal action or law enforcement, according to the survey.

The survey report authors note that as organizations prepare for various attacks and breaches, hackers continue to be savvier in their approaches. Resilient organizations must have all employees embrace security practices, from awareness training to behavior monitoring to gap protections.

Sponsored Recommendations

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...