Data leaks are getting more expensive: the average size of company losses due to hacking has grown to $4 million
Every month, news appears online that some company's servers have been hacked, user or employee data has been stolen, and the company has suffered losses. This kind of news has long been familiar, since hackers break into corporate networks quite often. Their main motive is material gain or corporate secrets. But how much does a hack cost the company itself?
Our company, together with the Ponemon Institute, analyzed a number of attacks carried out this year and last. The results of the study clearly show an increase in losses for a company that falls victim to hackers and suffers a subsequent data leak. The average loss in this case is about $4 million. In 2013, this figure was 29% lower. Hacker attacks are becoming more powerful and complex, and they are carried out more often than before: in 2015 the number of such incidents increased by 64%.
According to another study, the cost of one unit of leaked data in a hack (for example, the information on one client of the company) is $158. This is the average across all types of companies. In medicine the figure is higher, at $355 per unit of leaked data. This is $100 more than in 2013.
Why is an ordinary hack so expensive?
The fact is that most companies that fall victim to cybercriminals simply do not have a plan for responding to a hack. Naturally, such incidents occur suddenly, and what matters then is the speed of the company's response. The more time it takes to react, the greater the loss; the faster the company responds, the lower the loss (with a normal response speed, the average loss is reduced by $400,000, or $16 per unit of data). As we found out, approximately 70% of companies simply do not have such a plan.
The process of responding to such incidents is quite complicated, and solving the problem takes a lot of time. We advise having a plan ready and using it when a problem arises. Among other items, we recommend that the plan include the following:
• Bringing in information security experts (in-house IT staff or outside specialists) to quickly isolate the source of the data leak and resolve it;
• Collaboration with law enforcement, government agencies, and regulators. This helps to find the intruders and, in some cases, to avoid fines;
• Communication with users, partners and shareholders;
• Hotline support for affected customers.
Completing each of the points above helps save valuable time for staff and management. As a result, everyone fulfills their own responsibilities, and each employee knows what needs to be done at a particular point in time.
The “quick response” team works only on eliminating the leak, while at the same time finding out what data was compromised and how.
While analyzing these leaks, we found that the longer it takes to solve a problem, the more difficult and expensive the solution becomes. This may seem obvious, but not all companies or specialists understand it. While the average cost of a quickly resolved hack is about $3.23 million, leaks that were not discovered immediately but, for example, 100 days after the incident cost the company $1 million more.
How do we know all this?
The study was based on a large amount of data about hacks. In preparing the report, we took into account the direct and indirect costs companies incur in resolving a hack. We interviewed representatives of more than 400 companies from around the world. The questions concerned the main factors that lead to losses while a hack is being resolved, as well as reputational risks and the risk of complete loss of business.
“Over several years of research, we interviewed more than 2,000 organizations working in various fields. As a result, we found out that data breaches during hacking are now an integral part of doing business for the vast majority of respondents,” says Larry Ponemon, a representative of the Ponemon Institute. “Obviously, when planning their work, companies should consider the possibility of hacking, making a plan in case of data leakage.”
As it turned out, the probability that a company will suffer a data leak as a result of a hacker attack is 26% over the next 24 months. In other words, every third organization will be hacked in the next 2 years.
As for the report, its full version is available here. There are also reports for specific countries, including the UK, USA, Germany, Australia, France, Brazil, Japan, Canada, South Africa, India, Italy and Arab countries.
As for your own company, the possible risks and losses can be calculated using a special service created by us in cooperation with the Ponemon Institute.