An extensive analysis from cybersecurity research and data science firm Cyentia Institute revealed details about the financial impact of cyber incidents on organizations of all types and sizes. The analysis “Information Risk Insights Study (IRIS) 20/20 Xtreme” focused on the 100 largest cybersecurity incidents of the last five years and found that these incidents totaled $18 billion in reported losses and 10 billion compromised records. This may be a new record in the world of cybercrime.
Key Findings
- The average loss is $47 million. With over one-in-four exceeding $100 million losses.
- Response costs, lost productivity, and fines and judgements are the most common forms of loss in extreme events.
- The likelihood of incidents varies up to 30x by industry. Government agencies, administrative support, information services, and financial firms, have the highest rates.
- Firms that bungle the incident response process show costs that are nearly 2.8 times larger than those without signs of poor response.
- The financial and information sectors, with their large holding of funds and data, have experienced the largest number of extreme loss events.
- Data breaches, ransomware, fraud, and cryptocurrency theft are by far the most common and costliest types of extreme cyber events.
- One in five of the largest losses over the last five years are attributed to state affiliated actors.
The current analysis report is a continuation of the Cyentia Institute’s IRIS 20/20 study from earlier this year, which is based on the information from insurance data group Advisen. “Our goal was to breakdown the costs, categorize incident types, identify the actors behind these events and the actions they employed, and better understand how these events impacted the organizations involved,” the study stated.
David Severski, Senior Data Scientist at Cyentia and lead IRIS Xtreme analyst said, “Continuing the data-driven exploration of loss events from the IRIS 20/20 report, this zeroing in on the largest of the large breaches reveals new information on the actors, magnitude, and forms of loss that make up the headlines in front of risk managers and organization leaders.”
