The real cost of a data breach
Insights on the latest cyber risks and associated damages
INSIGHT ARTICLE |
For businesses to successfully navigate today's cyberthreats and effectively respond to data security events, understanding the costs associated with a data breach is critical. Incidents at Fortune 500 organizations get significant media coverage, but the reputational and financial impact to small and middle-market companies can be even more damaging.
RSM US LLP is a proud sponsor of the NetDiligence® 2016 Cyber Claims Study, which provides greater insight into data breaches and associated damages.
As breach activity continues to evolve, so does the industry’s understanding of its associated damages, ranging from data and system loss to business interruption and reputational harm. This study is a great resource to validate the latest threats and help organizations evaluate their security vulnerabilities and measures.
The 2016 study summarizes NetDiligence's findings from a sampling of 176 cyber claims, 163 of which involved the loss, exposure or misuse of sensitive personal data from a variety of industry sectors. It also examines the type of data exposed, the cause of loss, the industry sector in which the incident occurred and the size of the affected organization.
Key study findings include:
- Personally identifiable information (PII) was the most frequently exposed data, followed by payment card information (PCI) and protected health information (PHI).
- Hackers were the most frequent cause of loss (23 percent), followed by malware and viruses (21 percent).
- Health care was the sector most frequently breached (19 percent), followed by professional services (13 percent).
- Nanorevenue companies (less than $50 million) experienced the majority of incidents, followed by micro-revenue companies ($50 million-$300 million) and small-revenue companies ($300 million-$2 billion).
- Third parties accounted for 13 percent of the claims submitted.
- Insider involvement occurred in 30 percent of the claims submitted.
- The average cost for crisis services (forensics, notification, credit monitoring, legal guidance) was $357,000.