Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Almighty Buck

Average Data Breach Costs Hit a Record $4.4 Million, Report Says 15

The average cost of a data breach rose to an all-time high of $4.4 million this year, according to the IBM Security report released Wednesday. That marked a 2.6% increase from a year ago and a 13% jump since 2020. CNET reports: More than half of the organizations surveyed acknowledged they had passed on those costs to their customers in the form of higher prices for their products and services, IBM said. The annual report is based on an analysis of data breaches experienced by 550 organizations around the world between March 2021 and March 2022. The research, which was sponsored and analyzed by IBM, was conducted by the Ponemon Institute.

The cost estimates are based on both immediate and longer-term expenses. While some costs like the payment of ransoms and those related to investigating and containing the breach tend to be accounted for right away, others such as regulatory fines and lost sales can show up years later. On average, those polled said they accrued just under half of the costs related to a given breach more than a year after it occurred.
This discussion has been archived. No new comments can be posted.

Average Data Breach Costs Hit a Record $4.4 Million, Report Says

Comments Filter:
  • What a joke (Score:4, Insightful)

    by timeOday ( 582209 ) on Wednesday July 27, 2022 @09:09PM (#62740042)
    This is the type of survey "data" collected purely for marketing materials. "Average" data breach, what does it even mean? A rapidly-spreading but harmless worm would divide the "average" cost of data breaches by an arbitrary factor within days. And valuing the damage is highly subjective, it totally depends on how much verification and remediation you decide to do.
    • It's a joke if you don't acknowledge the value of customer/ user data. The value of the data is highly subjective, and highly expensive.
      • It's a joke if you don't acknowledge the value of customer/ user data.

        Obviously, data has value. Quantifying that value (value to whom?) is difficult.

        The value of the data is highly subjective

        Indeed. Which means the "$4.4 Million" number was pulled out of someone's butt.

        Most data breaches cost the company nothing because they are unaware it happened. Many are insider jobs. Most are never detected.

        They also cost the customers little because so much of their data is already "out there". My SSN has been leaked many times. Stolen credit card numbers sell for pennies because you just can't make much from them anymore.

    • 4 million is something on the order of 10 man years of competent security engineers for a company. Much easier to just pay the 4 million than protect data with private active hires. It need to get to 40 million. Then companies will start protecting data and limiting what they store

      • 4 million is something on the order of 10 man years of competent security engineers

        Incompetent security engineers cost about the same and many managers aren't able to judge competence.

        Even if you hire competent engineers, they won't protect you from an inside job.

        So spending money may not help, and if you spend nothing, there is a good chance you can get away with it so it seems like the better path.

        If you do get hit, just short your own stock before making a public announcement.

  • So, is this like software piracy losses or I bought a bunch of dumb ape NFTs losses?

    • by EvilSS ( 557649 )
      Not really. Rebuilding systems, restoring from backup, bringing in outside security consultants, buying security products and implementing security controls you already should have been doing, lost productivity. As a consultant I've been on incident response teams for multiple ransomware attacks gone bad, and it's not cheap.
  • Because that was the main argument back when: Windows servers are "cheaper". Took a long time for the price for that stupid decision to become due, but to compensate, the price is now excessive and set to become even higher. And there now is no easy way to migrate away from that cheap Redmond crap.

    • This article is about data breaches. These breaches are often performed on linux servers, which make up the vast majority of the "unseen" internet. Your argument that this is somehow Microsoft's fault is fucking old and boring.
  • How are costs computed?
    Where does the money go?

    I don't suppose any of these orgs consider "upping" security?

  • The cost of using Windows.

    Or, maybe sue MS for the costs? (Lawyers have got to rent-seek).

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...