Average Data Breach Costs Hit a Record $4.4 Million, Report Says
The average cost of a data breach rose to an all-time high of $4.4 million this year, according to the IBM Security report released Wednesday. That marked a 2.6% increase from a year ago and a 13% jump since 2020. CNET reports: More than half of the organizations surveyed acknowledged they had passed on those costs to their customers in the form of higher prices for their products and services, IBM said. The annual report is based on an analysis of data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM, was conducted by the Ponemon Institute.
The cost estimates are based on both immediate and longer-term expenses. While some costs like the payment of ransoms and those related to investigating and containing the breach tend to be accounted for right away, others such as regulatory fines and lost sales can show up years later. On average, those polled said they accrued just under half of the costs related to a given breach more than a year after it occurred.
What a joke (Score:4, Insightful)
Re: (Score:1)
Re: (Score:3)
It's a joke if you don't acknowledge the value of customer/ user data.
Obviously, data has value. Quantifying that value (value to whom?) is difficult.
The value of the data is highly subjective
Indeed. Which means the "$4.4 Million" number was pulled out of someone's butt.
Most data breaches cost the company nothing because they are unaware it happened. Many are insider jobs. Most are never detected.
They also cost the customers little because so much of their data is already "out there". My SSN has been leaked many times. Stolen credit card numbers sell for pennies because you just can't make much from them anymore.
Not high enough yet (Score:2)
4 million is something on the order of 10 man years of competent security engineers for a company. Much easier to just pay the 4 million than protect data with private active hires. It needs to get to 40 million. Then companies will start protecting data and limiting what they store.
Re: (Score:2)
4 million is something on the order of 10 man years of competent security engineers
Incompetent security engineers cost about the same and many managers aren't able to judge competence.
Even if you hire competent engineers, they won't protect you from an inside job.
So spending money may not help, and if you spend nothing, there is a good chance you can get away with it so it seems like the better path.
If you do get hit, just short your own stock before making a public announcement.
Ooh, imaginary money (Score:2)
So, is this like software piracy losses or I bought a bunch of dumb ape NFTs losses?
Re: (Score:2)
Re: (Score:2)
Indeed. We have had some customers hit, usually takes several months until they are back to normal business.
Re: (Score:1)
So, are those "cheap" Windows systems working out? (Score:2)
Because that was the main argument back when: Windows servers are "cheaper". Took a long time for the price for that stupid decision to become due, but to compensate, the price is now excessive and set to become even higher. And there now is no easy way to migrate away from that cheap Redmond crap.
Re: (Score:2)
Re: (Score:2)
The article is mostly about ransomware. There is almost no ransomware for Linux.
what are data breach "costs" (Score:2)
How are costs computed?
Where does the money go?
I don't suppose any of these orgs consider "upping" security?
Maybe just accept it as .... (Score:2)
Or, maybe sue MS for the costs? (Lawyers have got to rent-seek).