Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    RAND Insurance Payout Study Hints at Smaller Average Data Breaches

    By
    ROBERT LEMOS
    -
    September 24, 2016
    Share
    Facebook
    Twitter
    Linkedin
      Data Breach Losses 2

      Companies that spend little on security workers and technologies may not be acting irresponsibly, but making rational choices, because the cost of the average cyber-security incident is much less than previously estimated, according to research released this week by the RAND Corp.

      The analysis found that the average incident costs companies about $200,000, much less than $1.0 million—the average cost of a cyber-criminal event as estimated using data from the annual Cost of Cybercrime report conducted by the Ponemon Institute.

      Those losses only amount to 0.4 percent of annual revenues, costing companies far less than the annual costs of retail shrinkage at 1.3 percent and online fraud at 0.9 percent, Sasha Romanosky, a policy researcher with RAND and the author of a paper on the analysis, told eWEEK.

      “That is telling and it’s important, because if the losses were really high, then that would be a strong incentive for the company to adopt more security and improve their practices,” he said.

      The data for the analysis was provided by for-profit insurance information firm Advisen, which collects data on a variety of incidents and their eventual insurance payouts. Romanosky analyzed 12,000 cyber-security incidents over a decade.

      But despite this report’s findings, some large enterprises are getting hit with painfully big losses that show why some companies need to invest in strong cyber-security measures.

      Target’s 2013 breach involving the credit-card and personal information of 70 million customers cost the company at least $291 million as of May, damages that eventually may exceed $370 million. On Sept. 22, Yahoo acknowledged that attackers may have made off with the log-in credentials of some 500 million customers.

      While large breaches make headlines, the vast majority of cyber-crime incidents are much smaller and cost far less. How much is still a large question mark. Researchers and statisticians have trouble quantifying the damage.

      The averages vary from a median of $200,000 per incident for Romanosky’s analysis to an annual total of $5.5 million in the Ponemon Institute report and a stunning $150 million as calculated by Deloitte & Touche in a recent paper seeking to take into account more “soft” costs, such as increases to insurance premiums, costs of operational disruptions, lost customers, loss of intellectual property and the loss of brand value.

      Such soft costs are hard to quantify, however, so Romanosky used only documented costs, he said.

      “We cannot deal with reputation and brand; we don’t look at stock market price and revenue,” he said. “We are not measuring any externalities or any chilling effects that may occur. We are trying to stay focused on the firm stuff.”

      In addition to the hard-to-quantify costs, the difference between the cost estimates of the Ponemon Institute and the Advisen data set could arise from differences in data sets. The median company in the Ponemon data set is between 5,000 and 10,000 employees.

      Yet, without massive and widespread losses, companies will likely continue to make security investments a lower priority, Romanosky said.

      “They will keep doing what they are doing, unless something big happens,” he said. “You have to really suffer a personal loss and then feel the impact and feel personal change to change your behavior.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×