Don’t Be a Statistic. These Numbers Are Scary!
First we heard 4.2 million people were affected in the Office of Personnel Management federal government breach. Then a couple of weeks later we hear the number may be 18 million. Then there is a number of 32 million that has been mentioned but the OPM Director, Katherine Archuleta does not want to discuss that number at this time.
It feels like we hear about a high-profile security breach every day. And when we hear about the breach, it is quite often a huge news story and many times, it is the lead story on the various national news channels.
There is no doubt that the importance of cybersecurity is on the minds of CEOs and Boards of Directors of companies nationally and globally. If it is not a priority, it should be. No longer is the question – Will we get breached? Management, CIOs, CISOs, Security Teams and the Board of Directors all understand the question is now – When will we get breached? Cyber attacks are inevitable. How your company responds, and how quickly, will make all the difference in the world.
These days, the Security Operations Team does not need to convince the CEO and management that the company must be prepared. Being prepared, organized, rehearsed and trained properly are the most important steps your company can take.
Let’s look at some numbers. They are mind-boggling numbers, frankly.
75% of cyber attacks spread from Victim 0 to Victim 1 within 24 hours.
23% of percentage of recipients now open phishing messages and 11% click on attachments.
15% of incidents still take days to discover.
55% of the top action which cause a cyber attack was privilege abuse (internal actors abuse the access they have been entrusted with).
$6.53 million is the total average organizational cost of a data breach in the U.S. in 2015.
$170 is the average cost per lost or stolen record caused by a malicious or criminal breach.
23% is the increase in total cost of data breach since 2013.
$1.57 million is the total average cost of lost business in 2015.
47% of all breaches were caused by malicious or criminal attacks (the highest cause).
256 days is the average it takes to discover a malicious attack.
783 – This is the number of total breaches in 2014.
85,611,528 – This is the total number of records exposed in 2014.
56,000,000 records – This is total number of exposed record in the Home Depot breach.
$10 billion: Home Depot – Forbes Magazine’s estimates the total cost in recurring expenses of the Home Depot breach to be $10 billion by the end of the decade. Recurring expenses include: investigation, remediation, notification, identity theft and credit monitoring, disruption in normal business operations, lost business and lawsuits.
$83 million and $35 million: Sony – The number of $83 million is the estimated cost by Macquarie Research to rebuild Sony’s computer systems. The cleanup costs alone, are estimated to be $35 million for the full fiscal year, so far.
$252 million: Target – The total cost of the Target breach is $252 million and counting. With an offsetting amount of $90 million in insurance proceeds, the total net expenses come to $162 million, according to Mintz Levin.
$100 million: Anthem – The total cost of this breach is still to be determined for many months to come. The total cost is expected to exceed their $100 million insurance policy with costs that include issuing breach notifications, paying OCR penalties, implementing new security measures and fighting impending lawsuits, according to HIPAA Journal.
Preparedness is key in defending against a cyber attack. It is much like a tornado. You prepare in advance. You are ready to defend against what is likely the largest storm you have ever experienced. You are organized and focused on minimizing the resulting damage to your company and brand. Your priority is getting back on the path to recovery and survival.