There are plenty of things people don’t want to contemplate the consequences of until it becomes absolutely necessary. The ‘cross that bridge when we come to it’ approach is indeed a popular one. Just as many individuals do not want to think about what insurance would have to say about many of our driving habits, far too many enterprises and organizations are willing to bury their heads in the sand when it comes to the devastating amount a cyber-attack could end up costing them.
The problem with taking this approach is that when the consequences inevitably come to pass, there will come a moment of deep introspection when you wonder whether you could have and should have tried harder to prevent what happened, and the answer will most certainly be yes. That is especially true of cyber-attacks and breaches like the ones that walloped VTech, T-Mobile and even the FBI in 2015.
Shock, Awe and Infographics
Infographics on the costs of cybercrime offer up the unique opportunity to see a great deal of hideous numbers in a very cute design. This one comes courtesy of application security provider Checkmarx and their post on cybercrime statistics, so you know who to blame when you bruise your jaw on the floor.
Breaking Down the Money Spent
Good news for all of those Australian organizations out there. A 2015 survey found that the average cost of a single cyber breach in Australia was just 3.4 million dollars — a bargain compared to the 15.4 million a cyber breach costs an organization in the U.S. Regardless of where in the world an organization is, however, a breach does run the risk of causing so much damage that a business is never able to recover. All told, cybercrime is projected to cost over $2 trillion annually by the year 2019.
Though you may be picturing giant piles of money simply being set on fire, the above infographic does offer a breakdown of where all that cash goes, splitting it between external consequences and actions taken to resolve an attack. Of the millions of dollars in external consequence costs from a cyber breach, 39 percent is eaten up by business disruption, 35 percent stems from information loss, 21 percent comes from straightforward revenue loss, and a lesser but still significant 4 percent is attributed to equipment damage. (After all, 4 percent of one million dollars is $40,000. Multiply that by five and you’re hyperventilating.)
In terms of costs attributed to the activities conducted to resolve a cyberattack, 30 percent goes to detection, 23 percent to recovery, 16 percent to containment, 14 percent to investigation, 9 percent to incident management and 7 percent to incident response. Not much opportunity available for cost cutting.
Additionally, the already staggering average cyber breach costs quoted here do not include costs associated with reputation damage, schedule delays, legal costs and reimbursements, version rollback or re-launch.
Breaking Down the Time Spent
It’s important to remember that it isn’t just money being gobbled up by a breach. In terms of how long it takes for an attack to be resolved, your organization is looking at nearly 55 days to recover from an attack by a malicious insider, and nearly 50 days for a breach stemming from malicious code. A web-based attack will take your organization nearly 30 days to resolve, while phishing and social engineering attacks, as well as denial of service attacks, will take around 20 days.
Avoiding That Bridge Altogether
There are lessons to be learned here, and they’re best learned ahead of time instead of after an incident occurs. In fact, these lessons are best learned before web and mobile applications ever make it into the wild.
A secure development life cycle that helps to ensure web and mobile applications are developed securely with better code integrity will go a long way towards preventing cyber breaches and cutting down on the related projected costs. Spending a bit more on application security may mean your organization spends much, much less on cyberattacks.
It isn’t nice to spend time contemplating all of the terrible things that can happen in life and in business, but with some preventative efforts you can keep your organization from paying millions of dollars after a cyber breach.