If you think cybercrime is something that can only happen to large organizations with gaping security holes leaving your business risk-free, it’s time to think again. Cybercrime leads the pack as the primary cause of data breaches, with 50% involving a criminal or malicious attack. Highest hit industries continue to be those that are heavily regulated, including those in the financial, health, and technology sectors.
The first cybercrime came in the form of the Morris worm, a computer virus originally intended to be innocuous and simply gauge the size of the internet. Evidence of how sometimes good things go bad, the code could unintentionally infect a computer multiple times, bog down the system, and eventually render it nonfunctional. These innocent roots spawned many subsequent hacking endeavors.
The evolution of the internet also brought along with it the evolution of cybercrime, or spamming. Spammers made significant gains through unsolicited emails, and later malware. Malware was then used to create Distributed Denial-of-Service (DDoS) attacks that could target popular websites and bring them down for long periods of time. After this, came the harvesting of personal information off of computers, along with other sensitive information for political or economic gain.
Data Breach Frequencies
Although the cost of data breaches has remained significantly consistent, their frequency has continued to skyrocket — cementing cybercrime as a cost that every organization should be prepared to shoulder. Over the past 11 years, data breaches have reached new peaks, with the most costly breach occurring in 2011, when organizations were paying out over 7 million per data breach. Today’s costs reliably hover around that once groundbreaking number.
In 2013, a reported 7% of all U.S. organizations lost a million dollars or more, each as a result of cybercrime. And almost 1/5th of all organizations reported losses of $50,000 or more. In 2014 alone, 47% of American adults had their personal information compromised on account of data breaches, much of it linked to credit card fraud. And data breaches targeting consumer information continue to rise, increasing 62% from 2012 to 2013.
Costs of Data Breaches
The cost of data breaches has also continued to rise. The average cost of a data breach has grown by 7% from 2015 to 2016. The churn attributed to such data breaches has increased by 3%, and the average size of a data breach has increased by 5%. The average cost for each lost or stolen record containing sensitive and confidential information increased from $217 to $221 with those that are caused by malicious attacks averaging $236. A significant portion of these costs come from the loss of existing customers and the cleanup involved in the righting of a situation after such an overturn. Additionally, the total average cost that organizations paid increased from $6.53 million to $7.01 million.
As cybercrime increases, so does the cost of detection and escalation. Audit services, crisis teams, incidence response plans, and public relations management all contribute to the cost of managing a cyberattack. These costs have increased from $0.61 million to $0.73 million in the last year, showing a greater investment in — and also a greater need for — these types of services.
Data breaches have increased significantly over time, and should, unfortunately, be considered a standard risk of business in modern times. As data breaches increase, efforts to prevent and contain them must also rise to the occasion. The cost of data breaches can be reduced by having an incidence response plan on-hand, enhanced security and encryption, and required employee training.