The Average Cost of a Data Breach Is Now $4 Million (helpnetsecurity.com)
Reader Orome1 writes: The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to a report by Ponemon Institute. Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record -- a full $100 more than in 2013.
Could this be slightly overestimated? (Score:3)
Because of this:
"Work with IT or outside security experts to quickly identify the source of the breach and stop any more data leakage"
I imagine this includes doing a security audit, and fixing any holes, which should be done regardless of a breach. Perhaps the breach even made it easier to find certain holes.
Re: (Score:2)
You work for the government, don't you?
I work for government IT. Your point?
Re: (Score:2)
Wow, I would not admit to that in a million years.
Again, what's the point?
Re: (Score:2)
Wow, I would not admit to that in a million years.
Again, what's the point?
It's like admitting you work for an organized crime syndicate.
Re: (Score:2)
It's like admitting you work for an organized crime syndicate.
Tell that to my coworkers who are ex-military. I don't think you would like the response.
Re: (Score:2)
Just like hit men?
Ex-military are, by definition, professional killers. Only one of my coworkers ever mentioned killing people in Vietnam. Most do not volunteer what they did in the services, especially in combat situations.
Re: (Score:2)
It's like admitting you work for an organized crime syndicate.
Tell that to my coworkers who are ex-military. I don't think you would like the response.
Yeah I expect they are brutalized psychos who enjoyed their time as hit men but wouldn't like to acknowledge, even to themselves, that this is what they really were. They probably hate themselves and take that self-hate out on others. Close to the mark? You can tell by how violently they respond.
Re: (Score:2)
You can tell by how violently they respond.
One of my coworkers told me how he killed three women in Vietnam, walked off a plane three days later in the US, and threatened a woman peace protester who wanted to throw a can of paint at him. The woman was too shocked to respond. He spent the next year in the service painting and rearranging rocks to readjust after the war. Nice guy. Still doing his IT job despite undergoing chemotherapy.
Re: (Score:2)
You can tell by how violently they respond.
One of my coworkers told me how he killed three women in Vietnam, walked off a plane three days later in the US, and threatened a woman peace protester who wanted to throw a can of paint at him. The woman was too shocked to respond. He spent the next year in the service painting and rearranging rocks to readjust after the war. Nice guy. Still doing his IT job despite undergoing chemotherapy.
You are jeopardizing my well being with your violent refusal to agree.
Re: (Score:2)
You are jeopardizing my well being with your asshole refusal to agree.
FTFY - Remember that I work in IT.
Re: (Score:2)
You are jeopardizing my well being with your asshole refusal to agree.
FTFY - Remember that I work in IT.
oooh you work in IT? Wasn't that a 1990's movie about a shape-changing alien?
Re: (Score:2)
oooh you work in IT? Wasn't that a 1990's movie about a shape-changing alien?
I do work in IT. I'm also the guy who replaced your computer with a box of crayons. ;)
Re: (Score:2)
oooh you work in IT? Wasn't that a 1990's movie about a shape-changing alien?
I do work in IT. I'm also the guy who replaced your computer with a box of crayons. ;)
Yeah, I think you must have just pranked the wrong guy...
Re: (Score:2)
Yeah, I think you must have just pranked the wrong guy.
If I give you a box of crayons, I'm not pranking you.
Re: (Score:2)
Yeah, I think you must have just pranked the wrong guy.
If I give you a box of crayons, I'm not pranking you.
Still not seeing crayons. Oh wait, do you mean this box of chalk?
Re: (Score:2)
Still not seeing crayons. Oh wait, do you mean this box of chalk?
I wouldn't punish my users with chalk. Crayons taste better.
Re: (Score:2)
And corporations are any better?
Governments are organized crime syndicates, corporations are psychopaths.
Like the old carnie saying goes "You pays your money and you takes your choice."
Re: (Score:2)
Where does your data come from? In my experience, most data incidents happen with larger companies that have extensive data collections.
Inflation (Score:2)
The "cost" of a breach is certainly high, but a lot of the time, these numbers are inflated. For example, do you calculate in the time of your own IT staff that you would be paying anyway? Yesterday, because of an auto accident that slowed down my commute home, I lost almost $14,000. You see, I value my personal time at $7,000 an hour.
Re: (Score:1)
I value my personal time at $7,000 an hour.
Oh well, small claims court can't help you collect then.
Re: (Score:2)
Yesterday, because of an auto accident that slowed down my commute home, I lost almost $14,000.
My time is too valuable to waste driving on the freeway. I pay an extra $70 per month to take the express bus. Not only does it save me several hours of my time each day to have someone else drive, I get to read The Wall Street Journal in the morning and an ebook in the afternoon.
Re: (Score:2)
Well la-de-da.
A subscription to The Wall Street Journal separates the millionaires from the non-millionaires.
Re: (Score:2)
I subscribed to the Wall Street Journal once. It didn't work.
A subscription won't turn you into an instant millionaire. It's what you do with the information and how you invest your money that will make you a millionaire in time. Take Ronald Read who died with an $8M fortune that no one knew about because he lived a modest lifestyle.
http://www.businessinsider.com/ronald-read-secret-millionaire-2015-2
Re: (Score:3)
do you calculate in the time of your own IT staff that you would be paying anyway
and the answer should be 'yes'.
Presumably your IT staff would be doing something else to facilitate the operation of the business that justifies the ongoing expense of having them on board, otherwise you would not be paying them anyway. So if they are taken away from those activities to respond to the breach either you are incurring losses at least equal to the cost of those employees elsewhere where they can no longer add value; or you have to incur probably greater costs hiring contractors to replace
Re: (Score:2)
You're paying the IT staff to clean up after a data breach, rather than doing something productive that they normally do. For that reason, including the labour costs of your own IT dept is the correct thing to do in calculating the costs of a breach.
Think about it this way: You run a company that makes windows. You pay a couple of dozen guys to cut glass, cut frames, assemble the parts, etc. One morning, you come into your office and realize that overnight some hooligans have smashed all the windows in
Re: (Score:2)
You're paying the IT staff to clean up after a data breach, rather than doing something productive that they normally do.
Like maintaining the company WoW server or surfing Slashdot?
Re: (Score:2)
This. This needs a higher score. Where are my moderation points when I need them?
Should be higher (Score:3)
Re: (Score:2)
IT security budget is the first in line when execs start doing budget cuts. Pre-emptive security measures just don't seem to be on their agenda these days (and they never really were). It's hard to justify to investors why the company is spending money on 'non-productive' work. I've found countless serious security issues in IT systems over the years and the only place where they really cared about them was when I worked in government IT, believe it or not.
Can't They Fix This? (Score:2)
> representing a 29 percent increase since 2013, according to a report by Pokemon Institute.
In the past they would have sent out Pikachu and a Squirtle to destroy the hackers. These days they sit around in an institute writing studies. Sad.
Re: (Score:2)
> representing a 29 percent increase since 2013, according to a report by Pokemon Institute (...) to destroy the hackers
Catch. Gotta catch them all. Not destroy them!
Re: (Score:2)
> representing a 29 percent increase since 2013, according to a report by Pokemon Institute (...) to destroy the hackers
Catch. Gotta catch them all. Not destroy them!
Times change.
There's a cost to warehousing data. (Score:2)
The more data you warehouse, and the more valuable that data is, the more interested in breaching your security the hackers of the world are.
But of course, these businesses will never consider this risk as an itemized business cost, and will just greedily sequester more and more data, while continuing to pay lip service to network security.
And then, when the hackers clean them out, they pout about needing more onerous antihacking laws.
Better idea: Don't mass warehouse data, or, if you decide to do so, keep t
Re: (Score:2)
The more data you warehouse, and the more valuable that data is, the more interested in breaching your security the hackers of the world are.
Yes to some degree. I do think data obeys the laws of entropy in that it flows from high concentration to lower concentration, the more data you have the greater the effort required to store, and control access to it.
Better idea: Don't mass warehouse data, or, if you decide to do so, keep that data isolated from your internet facing network, and pay for proper security featuring penetration testing and security auditing.
The latter part but not the first part. The data is only useful if the right people can access it. Availability is part of the security triad. If your analysts have to take a bus to a special building on your campus and provide a blood sample to look at the database: they won't. You won't g
make international borders NOW (Score:2)
A secure computer is a non-networked one. (Score:2)
Modern computer security is the equivalent of implementing bank security by distributing all the money from the vault into the cash registers of every store in a mall, and then hiring an army of mall cops to patrol all the cash registers.
IT professionals are the "mall cops" in this scenario, and unsurprisingly they keep telling us that we need to hire more mall cops and buy them all really nice Segways.