Cybersecurity By The Numbers
Our cybersecurity expert, Erin, walks through the typical costs of a data breach as well as the cost to build your own in-house SOC.
Video Script: Hi. I’m Erin, the cybersecurity expert. Many of you have asked us how much you should worry about cybersecurity… specifically, how much a breach could cost you. So I’m going to spend a couple minutes showing you the potential cost and impact of a cybersecurity breach. Spoiler alert… it’s a lot!
We all know cybersecurity breaches are bad, but a cybersecurity breach caused by a hacker is even worse. Take a look at this illustration of cybersecurity breaches between 2005 and 2009. These are only very large breaches with over 30,000 records compromised. The color of the bubble represents the source of the breach, where red was caused by hackers. The size of the bubble represents how many records were compromised. The bigger the bubble, the bigger the breach. Now compare that to the large breaches just over the last few years. Notice anything? Most breaches are now caused by hackers… and the average size of a breach is much, much larger! When we plot over time you can see an explosion of cybersecurity breaches just in the last few years.
Some people think this huge increase in successful breaches is because cyber-criminals have just gotten that good… that there’s nothing anyone can really do about it. Well… that’s not really true. Yes, cyber-criminals have gotten more sophisticated, but the biggest problem is that many companies are still relying on older technologies to protect from today’s threats. Here are some of the ways criminals bypass older technologies and get to your data. In fact, malware is such a problem, I made a whole video on it! If you haven’t seen my video on why firewalls, IDS/IPS, and anti-virus software can’t protect you from malware, you can check it out here. https://stratozen.com/StratoSOC/Malware
The average cost of an individual data breach is about 5.9 million. Global data breach costs are expected to exceed 2.1 TRILLION by 2019! That’s larger than the GDP of India, Italy, Brazil OR Canada! The cost varies widely across different industries. Healthcare, financial, and retail companies have the highest cost per record… between 165 and 363 dollars. So, let’s say you’re a bank with 28,000 customers. Multiply that by 215 dollars and this is what a breach would likely cost you. Yeah, no kidding! Of course this is just an average. There are many organizations that have seen breach costs exceed 100 million! Most of the costs are made up of things like forensic investigations, credit monitoring services, lawsuits, and fines. There are some long-term costs too, like adding security personnel and technology and increased insurance premiums. But those are the easy ones to quantify. There are a lot of soft costs you also have to consider. The impact to your brand, potential credit card suspension, stock price drop, management changes, and opportunity costs all add up fast!
Ok, so like I said at the beginning, cybersecurity breaches are happening a lot more often and can cost your company a lot of money. What about trying to deal with cybersecurity protection yourself? Let’s look at those numbers too.
Some companies want to take on this problem themselves by hiring cybersecurity experts internally. Well, that’s a lot harder than you might think! First, cybersecurity personnel have been the most difficult IT people to hire and retain for the past 4 years. There is a 0.2% unemployment rate for cybersecurity professionals with an average salary of $116,000 per year. They start at $74,000 and go up to over $200,000. But hiring one or two cybersecurity experts like me won’t be enough. Did you know that a single, small firewall can generate 864,000 events every day!?!? And as we’ve talked about in other videos, you need to monitor a lot more devices than just a firewall. Add in your routers, switches, and servers, and you can easily be dealing with millions of events per day!
So monitoring millions of events, 24 hours a day, 365 days a year, you’d need 12 to 14 people to have a fully staffed security operations center covering weekends, vacations, and things like that. That’s over 1.4 million dollars a year, plus overhead. And that doesn’t even count all the infrastructure, tools, software, and licensing you would need. Add it all up and we’re talking about 3 million a year, total. Who can afford to build out an internal SOC like that? Well, large enterprises mainly. Based on a few surveys over the years, large enterprises spend around 4 percent of their total revenue on IT. And out of that budget, roughly 11% is spent on cybersecurity. If we round up to make the math easy, that comes out to approximately half a percent of total revenue spent on cybersecurity solutions. So if you’re a large organization with revenue of at least 600 million, then a 3 million dollar cybersecurity budget probably makes sense. Otherwise, you’re probably much better off outsourcing your cybersecurity protection to a trusted partner.
So there you have it… cybersecurity by the numbers. Your risk of a breach is increasing every year. The average cost of a breach is 5.9 million dollars. And building out an in-house security operations center means hiring at least 12 people, which would easily cost 3 million a year. Now before you go unplugging all your IT systems, there are ways to protect yourself from cybersecurity breaches without spending a ton of money. I’ll discuss some of those in other videos. To learn more about cybersecurity as well as some of our services, please visit our website or contact us today!