[ISN] One Breach = $1 Million To $53 Million In Damages Per Year, Report Says

[InfoSec News]

http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226200272

By Kelly Jackson Higgins
DarkReading
July 26, 2010

Organizations are getting hit by at least one successful attack per 
week, and the annualized cost to their bottom lines from the attacks 
ranged from $1 million to $53 million per year, according to a newly 
published benchmark study of 45 U.S. organizations hit by data breaches.

The independent Ponemon Institute's "The First Annual Cost of Cyber 
Crime Study" (PDF), which was sponsored by ArcSight, showed a median 
cost of $3.8 million for an attack per year, a price tag that includes 
everything from detection, investigation, containment, and recovery to 
any post-response operations. "Information theft was still the highest 
consequence -- the type of information [stolen] ranged from a data 
breach of people's [information] to intellectual property and source 
code," says Larry Ponemon, CEO of the Ponemon Institute. "We found that 
detection and discovery are the most expensive [elements]."

And a separate report called "The Leaking Vault" (PDF) released today by 
the Digital Forensics Association found that among the 2,807 publicly 
disclosed data breaches worldwide during the past five years, the cost 
to the victim firms as well as those whose information was exposed came 
to whopping $139 billion.

The Digital Forensics Association report says nearly half of all of the 
reported breaches came from a laptop, which in 95 percent of the cases 
is stolen. But actual hacks accounted for the most stolen records during 
2005 to 2009, with 327 million of the 721.9 million covered in the 
report, even though hacks accounted for only about 16 percent of the 
data breaches.

[...]