SOAR Platform / Blog / Don’t Be a Cyber Breach Statistic

Don’t Be a Cyber Breach Statistic

First, we heard 4.2 million people were affected in the Office of Personnel Management federal government breach. Then a couple of weeks later the number became 18 million. Some mentioned a larger number – 32 million – OPM Director Katherine Archuleta does not want to discuss that number at this time.

It feels like we hear about a new high-profile security breach every day. And when we hear about the breach, it is quite often a huge news story and many times, it is the lead story on the various national news channels.

There is no doubt that the importance of cybersecurity is on the minds of CEOs and Boards of Directors of companies nationally and globally. If it is not a priority, it should be. We shouldn’t ask whether a breach will happen. Management, CIOs, CISOs, Security Teams and the Board of Directors all understand the question is now: “when will the breach happen?”

Cyber attacks are inevitable. How your company responds, and how quickly, will make all the difference in the world.

These days, the Security Operations Team does not need to convince the CEO and management to prepare the company. Your company must take the steps to prepare, organize, rehearse, and train properly.

Let’s look at some numbers. They are mind-boggling numbers, frankly.

Important cyber breach statistics

60% of cases, attackers are able to compromise an organization within minutes.

75% of cyber attacks spread from Victim 0 to Victim 1 within 24 hours.

23% of recipients now open phishing messages and 11% click on attachments.

15% of incidents still take days to discover.

55% of the top actions causing a cyber attack was privilege abuse (internal actors abuse their access).

$3.79 million is the average total cost of a data breach globally.

$6.53 million is the total average organizational cost of a data breach in the U.S. in 2015.

$170 is the average cost per lost or stolen record caused by a malicious or criminal breach.

23% is the increase in the total cost of a data breach since 2013.

$1.57 million is the total average cost of lost business in 2015.

47% of all breaches were the result of malicious or criminal attacks (the highest cause).

256 days is how long it takes to discover a malicious attack, on average.

783 total breaches occurred in 2014.

85,611,528 is the total number of records exposed in 2014.

56,000,000 is the total number of exposed records in the Home Depot breach.

Company loss statistics

$10 billion: Home Depot – Forbes Magazine’s estimates the total cost in recurring expenses of the Home Depot breach to be $10 billion by the end of the decade. Recurring expenses include: investigation, remediation, notification, identity theft and credit monitoring, disruption in normal business operations, lost business and lawsuits. 

$83 million and $35 million: Sony – Macquarie Research estimates $83 million for rebuilding Sony’s computer systems. The cleanup costs alone will likely be $35 million for the full fiscal year, so far.

$252 million: Target – The total cost of the Target breach is $252 million and counting. Moreover, with an offsetting amount of $90 million in insurance proceeds, the total net expenses come to $162 million, according to Mintz Levin.

$100 million: Anthem – We won’t know the total cost of this breach for many months to come. Their $100 million insurance policy is likely not enough to cover these costs. These costs additionally include issuing breach notifications, paying OCR penalties, implementing new security measures and fighting impending lawsuits, according to HIPAA Journal.


Preparedness is key in defending against a cyber attack. For example, a cyber attack is much like a tornado. It’s important to prepare in advance. Be ready to defend against what going to be a massive storm. Additionally, focus on minimizing the resulting damage to your company and brand. Your priority is getting back on the path to recovery and survival.