More than 140 million Americans’ personal information, including birth dates, social security numbers and driver’s license numbers were exposed in a major breach at Equifax, according to the Federal Trade Commission. Equifax, one of the country’s three major credit reporting agencies, became the latest victim of a massive cyber attack announced in September 2017.
Damage estimates for the Equifax data breach are not yet available; however, in comparison the 2013 data breach at Target compromised 40 million credit and debit card holders and up to 70 million customers, costing the retail giant more than $200 million, according to the 2015 Congressional Research Service Report.
Data breaches are becoming multi-million dollar expenses, affecting companies, customers and the global economy. And, the financial consequences are only going to get worse.
The global costs of cyber crime are projected to skyrocket to $6 trillion annually by 2021, according to a 2016 Cybersecurity Ventures Report, up from a $3 trillion dollar estimate predicted in 2015.
Several factors are to blame for increased projections.
- The world is becoming more connected. By 2020, Microsoft predicts four billion people will be online, 50 billion devices will be connected to the internet, and data volumes online will be 50 times greater than they are today, as noted in their 2016 blog post, The Emerging Era of Cyber Defense. According to Gartner, there will be 8.4 billion devices connected to the internet by the end of 2017. Right now, 35% of people have at least one unprotected device, according to the 2016 Norton Cyber Security Insights Report.
- Online intruders are becoming more sophisticated. Attackers have evolved from breaking into computer systems to attacking the human element by using social engineering techniques, such as spear phishing, to target personal emails to gain access to an organization’s network, as noted in the 2016 report, Hackerpocalypse: A Cybercrime Revelation.
- Attacks are becoming more frequent, widespread and damaging. A new phishing attack is launched every 30 seconds, according to the 2017 Global Fraud & Cybercrime Forecast by RSA. An annual threat report from SonicWall says that ransomware experienced explosive growth between 2015 and 2016, increasing from 3.8 million attacks to 638 million. The 2017 Ponemon Cost of Data Breach Study found that the global average size of a data breach increased to more than 24,000 records in 2016. Globally, companies with more than 50,000 records compromised spent $6.3 million on a breach in 2017.
Major breaches are becoming more common, causing companies to pay more when they are compromised and prompting them to spend more on detection, response and recovery.
Certain countries and industries are hit harder, according to the Ponemon study. The total cost of a data breach globally is $3.62 million. However, the total cost of a data breach in the United States is $7.35 million, followed by the Middle East at $4.94 million. Regulated industries such as financial services, healthcare and education typically pay more in response to a breach.
The financial impact of a cyber breach includes loss of revenue, damage and destruction of data, fraud, embezzlement, interruptions to business, lost productivity, damage to equipment, recovering assets, forensic investigation, reputational harm and fines.
The most recent statistics below may provide insight into the current and projected economic impact of cyber crime.
The Cost of Cyber Crime: Statistics Run-Down
- The global average cost of a data breach is $3.62 million (Cost of Data Breach Study, Ponemon, 2017).
- The median cost of a cyber attack for a U.S. business was $11 million, up by approximately 200% within the last five years alone (Cyber Crime Costs More Than You Think, Hamilton Place Strategies, 2016).
- Global financial services and energy sectors are hit harder, with average costs recorded at $13.5 and $12.8 million annually (The Rising Cost of Cyber Crime, Ponemon, 2016).
- The annual cost of phishing to global organizations is $9.1 billion (Global Fraud & Cybercrime Forecast, RSA, 2017).
- Global ransomware damage costs are predicted to exceed $5 billion in 2017, an increase from $325 million in 2015 (Ransomware Damage Report, Cybersecurity Ventures, 2017).
- The cost per stolen record averages $158 globally and reaches $220 in the U.S. (The Rising Cost of Cyber Crime, Ponemon, 2016).
- In 2015, consumers alone lost $158 billion worldwide (Cyber Security Insights, Norton, 2016).