Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers. Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined. The cybercrime prediction stands, and over the past year, it has been corroborated by hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally. The damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organised crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.
Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and repetitional harm. Cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication, and cost. The Yahoo hack was recently recalculated to have affected 3 billion user accounts, and the Equifax breach in 2017 — with 143 million customers affected — exceeds the largest publicly disclosed hacks ever reported. These major hacks alongside the WannaCry and NotPetya cyberattacks which occurred in 2017 are not only larger scale and more complex than previous attacks, but they are a sign of the times.
2017 report from
According to Forbes:"It’s estimated that cybercrime will cost approximately $6 trillion per year on average through 2021. That’s a massive figure, one that is almost impossible for most people to imagine. But more concerning than the number itself is what it means for modern businesses. Everywhere, companies are upping their cybersecurity budgets in an attempt to lower the catastrophic costs of a potential data breach.
The average cost of a breach tallies into the millions, but the dollars lost only account for the direct cost of a breach. That figure is quantifiable for businesses, but the true costs cut even deeper"
Cost analysis reveals a relationship between the average total cost of data breach and the size of the incident. In this year’s study, the average total cost ranged from $1.9 million for incidents with less than 10,000 compromised records to $6.3 million for incidents with more than 50,000 compromised records. Last year the cost ranged from $2.1 million for a loss of less than 10,000 records to $6.7 million for more than 50,000 records.
Third party involvement in a breach and extensive cloud migration at the time of the breach increases the cost. If a third party was involved in the data breach, the cost of data breach increased by as much as $17 per compromised record with an adjusted average cost of $158 per record ($141+$17). Organisations undergoing a major cloud migration at the time of the breach saw this increase to per capita cost by $14, with an adjusted average cost of $155 ($141+$14) per record.
(2017 Cost of Data Breach Study: Global Overview Ponemon Institute)
The faster the data breach can be identified and contained, the lower the costs. In this year’s study, organisations were able to reduce the days to identify the data breach from an average of approximately 201 in 2016 to 191 days and the average days to contain the data breach from 70 to 66 days. We attribute these improvements to investments in such enabling security technologies as security analytics, SIEM, enterprise wide encryption and threat intelligence sharing platforms.
For the third year, our study reports the relationship between how quickly an organisation can identify and contain data breach incidents and the financial consequences. For our consolidated sample of 419 companies, the mean time to identify (MTTI) was 191 days, with a range of 24 to 546 days. The mean time to contain (MTTC) was 66 days with a range of 10 to 164 days. Both the time to identify and the time to contain were highest for malicious and criminal attacks (214 and 77 days, respectively) and much lower for data breaches caused by human error (168 and 54 days, respectively).
(2017 Cost of Data Breach Study: Global Overview Ponemon Institute)
Cybercrime is creating unprecedented damage to both private and public enterprises and driving up IT security spending. The latest forecast from Gartner Inc. says worldwide information security (a subset of the broader cybersecurity market) spending will grow 7 percent to reach $86.4 billion (USD) in 2017 and will climb to $93 billion in 2018. That forecast doesn’t cover various cybersecurity categories including IoT (Internet of Things), ICS (Industrial Control Systems) and IIoT (Industrial Internet of Things) security, automotive cybersecurity, and others. Cybersecurity Ventures predicts global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. Taken as a whole, we anticipate 12-15 percent year-over-year cybersecurity market growth through 2021.
(2017 report from Cybersecurity Ventures)
By analysing the data, we can state that there are 3 main causes for a data breach to occur: a malicious or criminal attack, a system glitch or a human error.
The first is the most frequent, is exponentially growing and is the most dangerous. What are the reasons behind the increasing number of attacks, and what are the attackers key success factors?
Current defensive technologies and procedures are only partly effective.
• The importance of security awareness is often underestimated
• Motivated attackers have a high likelihood of breaching
• Criminals often manage to escape justice
• Effective attacking tools and techniques are economically viable
The quantity and sophistication of malware requires new and more effective approaches to threat detection and response.
We have joined two independent fields of intense academic and applied research; one on the use of Bayesian network analysis to determine risk profiles, the second on pre-attentive communication to alert a person’s intuition. Leveraging artificial intelligence, organisations are enabled to reduce dwell time close to one day (industry average 191 days) in detecting and determining the cyber threat (reducing or preventing data breaches cost).
Technology alongside effective company-wide security education can greatly support preventing system glitches. We truly believe that visibility and knowledge of your organisation environment is a must. With our technology, we can support you in finding out all of the mis-configurations within your perimeter. This will reduce the overall company risk and should give network better performance as well.
Death, taxes and human error are the only certain things in our lives; they are what make us humans and not machines.
Awareness and training for everyone —not only for your security or IT team— within your organisation should be always a number one priority.