Cybersecurity by the Numbers

We are often approached with the questions, “how much should I worry about cybersecurity and how much a breach would cost me?” Here we’ll present to you the potential cost and impact of a cybersecurity breach. Spoiler alert… it’s a lot! Cybersecurity breaches are awful, but one caused by a hacker is even worse.

This illustration of cybersecurity breaches between 2013 and 2017 highlight only very large breaches with over 30,000 records compromised. The size of the bubble represents how many records were compromised. The bigger the bubble, the bigger the breach. When we plot over time you can see an explosion of cybersecurity breaches just in a few years. Some people think this huge increase in successful breaches is because cyber-criminals have just gotten that good, that there’s nothing anyone can really do about it. Well, that’s not really true. Yes, cyber-criminals have gotten more sophisticated, but the biggest problem is that many companies are still relying on older technologies to protect from today’s threats.

The average cost of an individual data breach is about $5.9 million. There have been global data breach costs that have exceeded 2.1 TRILLION! That’s larger than the GDP of India, Italy, Brazil OR Canada! The cost varies widely across different industries. Healthcare, financial, and retail companies have the highest cost per record… between 165 and 363 dollars.

So, let’s say you’re a bank with 28,000 customers. Multiply that by 215 dollars and this is what a breach would likely cost you.

Of course this is just an average. There are many organizations that have seen breach costs exceed $100 million! Most of the costs are made up of things like forensic investigations, credit monitoring services, lawsuits, and fines. Long term costs need to be factored in as well, like adding security personnel and technology and increased insurance premiums. In addition to these quantifiable costs, other soft costs can be incurred as well long term. The negative impact to your brand, potential credit card suspension, stock price drop, management changes, and opportunity costs all can add up fast!

In short, cybersecurity breaches are not slowing down and can cost your company a lot of money. Do you wonder about trying to deal with cybersecurity protection yourself? Let’s look at those numbers too.

Hiring cybersecurity experts internally can be more challenging than you might think. First, cybersecurity personnel are commonly the most difficult IT people to hire and retain. There is just a 0.2% unemployment rate for cybersecurity professionals with an average salary of $116,000 per year. They start at $74,000 and go up to over $200,000. But hiring one or two cybersecurity experts isn’t all there is to it. Did you know that a single, small firewall can generate 864,000 events every day? And there’s a need today to monitor a lot more devices than just a firewall. Add in your routers, switches, and servers, and you can easily be dealing with millions of events per day.

Monitoring millions of events, 24 hours a day, 365 days a year, you’d need 12 to 14 people to have a fully staffed security operation center covering weekends, vacations, sick days, etc. That’s over 1.4 million dollars a year, plus overhead. And that doesn’t even count all the infrastructure, tools, software, and licensing you would need. Add it all up and the costs can reach about 3 million a year, total. Who can afford to build out an internal SOC like that? Well, large enterprises mainly. Based on a few surveys over the years, large enterprises spend around 4 percent of their total revenue on IT. And out of that budget, roughly 11% is spent on cybersecurity. If we round up to make the math easy, that comes out to approximately half a percent of total revenue spent on cybersecurity solutions. So if you’re a large organization with revenue of at least $600 million, then a 3 million dollar cybersecurity budget probably makes sense. Otherwise, you’re probably much better off outsourcing your cybersecurity protection to a trusted partner.

So there you have it, cybersecurity by the numbers. Your risk of a breach is increasing every year. The average cost of a breach is 5.9 million dollars. And building out an in-house security operations center means hiring several people, who get paid a lot, and are extremely hard to find and keep. Now, before you go out and start unplugging all your IT systems, talk to us first about ways to protect yourself from cybersecurity breaches without spending a ton of money.