Cybersecurity by the Numbers

We get asked all the time how much you should worry about cybersecurity… specifically, how much a cyber incident could cost you and your business. Here we’ll show you the potential cost and impact of a cybersecurity event. Spoiler alert… it’s a lot! We all know cybersecurity breaches are bad but a cybersecurity breach caused by a hacker is even worse.

We have seen an explosion of cybersecurity breaches in just the last few years. Some people think this huge increase in successful breaches is because cyber-criminals have just gotten that good, that there’s nothing anyone can really do about it. Well, that’s not really true. Yes, cyber-criminals have gotten more sophisticated, but the biggest problem is that many companies are still relying on older technologies to protect against today’s threats.

The average cost of an individual data breach is about $5.9 million. Global data breach costs are expected to exceed 2.1 TRILLION by 2025! That’s larger than the GDP of India, Italy, Brazil OR Canada! The cost varies widely across different industries. Healthcare, financial, and retail companies have the highest cost per stolen record… between 165 and 363 dollars. So, let’s say you’re a bank with 28,000 customers. Multiply that by 215 dollars and this is what a breach would likely cost you. Of course, this is just an average. There are many organizations that have seen breach costs exceed $100 million! Most of the costs are made up of things like forensic investigations, credit monitoring services, lawsuits, and fines. There are some long-term costs too, like adding security personnel and technology and increased insurance premiums. But those are the easy ones to quantify. There are a lot of soft costs you also have to consider. The impact to your brand, potential credit card suspension, management changes, and opportunity costs all add up fast!

Long story short, cybersecurity breaches are happening a lot more often and can cost your company a lot of money. What about trying to deal with cybersecurity protection yourself? Let’s look at those numbers too.

Some companies want to take on this problem themselves by hiring cybersecurity experts internally. That’s a lot harder than you might think. First, cybersecurity personnel have been the most difficult IT people to hire and retain for the past 4 years. There is just a 0.2% unemployment rate for cybersecurity professionals with an average salary of $116,000 per year. They start at $74,000 and go up to over $200,000. But hiring one or two cybersecurity experts isn’t all there is to it. Did you know that a single, small firewall can generate 864,000 events every day? And there’s a need today to monitor a lot more devices than just a firewall. Add in your routers, switches, and servers, and you can easily be dealing with millions of events per day.

To monitor millions of events, 24 hours a day, 365 days a year, you’d need 12 to 14 people to have a fully staffed security operations center covering weekends, vacations, sick days, etc. That’s over 1.4 million dollars a year, plus overhead. And that doesn’t even count all the infrastructure, tools, software, and licensing you would need. Add it all up and the costs can reach about 3 million a year, total. Who can afford to build out an internal SOC like that? Well, large enterprises mainly. Based on a few surveys over the years, large enterprises spend around 4 percent of their total revenue on IT. And out of that budget, roughly 11% is spent on cybersecurity. If we round up to make the math easy, that comes out to approximately half a percent of total revenue spent on cybersecurity solutions. So if you’re a large organization with revenue of at least $600 million, then a 3 million dollar cybersecurity budget probably makes sense. Otherwise, you’re probably much better off outsourcing your cybersecurity protection to a trusted partner.

So there you have it, cybersecurity by the numbers. Your risk of a breach is increasing every year. The average cost of a breach is 5.9 million dollars, and building out an in-house security operations center means hiring a number of people, who get paid a lot, and are extremely hard to find and keep. Now, before you go out and start unplugging all your IT systems, talk to us first about ways to protect yourself from cybersecurity breaches without spending a ton of money.

Contact us today to learn more about strengthening your cyber posture.
