Estimating the risks and costs involved in security breaches may not be as simple as the rule-of-thumb calculations that are now commonly performed.
Ponemon and IBM have published an annual report that estimates the costs inflicted on businesses that suffer data breaches. Typically the costs are estimated as an average cost per record involved in the breach. For 2019 the number that’s been used is $150 per breached record.
But it’s not that simple, according to a new report by Cyentia. For example, the monetary costs borne by a small company were found to be very different from those borne by a large company.
The Cyentia report found that breaches were significantly more likely to be experienced by large companies: 25 percent of Fortune 1000 companies would fall victim, compared with only 2 percent of small businesses. But the monetary effect on the businesses was significantly different. Addressing a breach at a large company cost well less than 1 percent of annual revenues, something which can fairly easily be overcome. But breaches at small companies could account for as much as 25 percent of annual revenues.
Without good risk estimates, companies fly blind. Wade Baker, partner at the Cyentia Institute, said that “a wildly overestimated view of the potential impacts of these cyber events will lead to wildly overspending to mitigate them, which will lose the confidence of the board in the long run. And we’ll lose the ability to have a real discussion and be taken seriously.”
David Severski, senior data scientist at Cyentia, said that “a single cost-per-record metric simply doesn’t work and shouldn’t be used. It underestimates the cost of smaller events and overestimates large events.”