How Much Does a Hack Cost?

Here's how to handicap your cost per incident a little more closely

August 17, 2006

2 Min Read
Network Computing logo

It might be the most elusive figure in the security industry. Vendors want it so they can show the value of their products. Security pros want it so they can cost-justify new purchases. Attackers want it so they can measure the effectiveness of their exploits.

But after an industry-wide hunt, let us tell you: There is no single, definitive figure on the cost of security incidents.

Oh, there are data points. The problem is that they don't agree. Heck, they aren't even in the same ballpark. Check 'em out:

  • In a study of Department of Justice data scheduled to be published Aug. 28, Phoenix Technologies and law enforcement agencies found that, in cases where stolen IDs and passwords were used, the average loss per incident was $1.5 million. Some attacks caused as much as $10 million in damages.

  • According to the annual report by the Computer Security Institute and the FBI, the average loss per company due to security breaches in 2005 was about $167,000, down from more than $200,000 the year before. About half of the respondents reported between one and five incidents during the year.

  • In a study conducted by Ponemon Institute and distributed by PGP Corp. last year, companies lost an average of $14 million per breach per incident when customer data losses were incurred. The high cost was as much as $50 million.

  • A recent survey by the Yankee Group indicates that more than half of companies rate their Internet downtime costs at more than $1,000 per hour.

  • In a study published in 2004, the Aberdeen Group found that the cost of Internet-based business disruptions is about $2 million per incident.

    So, pick your number. Some rules of thumb say that $100,000 is a good starting point when measuring average loss per incident. Some say $200,000. Some say $1,000 per hour.

    Get the full story at Dark Reading.Tim Wilson, Site Editor, Dark Reading

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Nextgen network management
Network Management
Nextgen Network Management: What’s Next and Are We Ready?Nextgen Network Management: What’s Next and Are We Ready?
byMary E. Shacklett, President, Transworld Data
May 27, 2024
4 Min Read
SASE Explained: Definition, Benefits, and Best Practice
SASE Networking
SASE Explained: Definition, Benefits, and Best PracticeSASE Explained: Definition, Benefits, and Best Practice
bySalvatore Salamone, Managing Editor, Network Computing
May 1, 2023
22 Min Read
NaaS 2024: A Look at the Future of Network Services
Network Infrastructure
NaaS 2024: A Look at the Future of Network ServicesNaaS 2024: A Look at the Future of Network Services
byPascal Menezes, MEF
Mar 22, 2024
5 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat