Cyber Security ROI
Having a tool to calculate your cyber security ROI is paramount, now more than ever. Every day, businesses, healthcare institutions, and government agencies grow their many expansive databases of personal information. When this information is wrongly disclosed, stolen or lost, they suffer increasingly severe financial and legal repercussions. Regulators can impose hefty personal fines, and even incarceration, on upper management if sufficient security steps were not implemented.
Network access protection is the number one cyber issue facing data security. Here’s why: in 2013, the average U.S. cost of a data security breach topped $5.4 million per organization, or $188 per record. In 2014, the average cost jumped to $5.85 million, with an average cost of $201 per record and an average of 29,087 records stolen per breach (Ponemon, “2014 Cost of Data Breach Study: Global Analysis”).
One of the biggest problems for IT has been defining the ROI of security for upper management. Instead, IT departments often just ask for ever-increasing budgets without the CEO/CFO understanding exactly what they are getting for their money.
Security is very similar to insurance. It might be hard to justify the expense until you need it. Because every industry and organization is different, creating a one-size-fits-all ROI calculator can be difficult. Here are some key considerations:
Average costs of a data breach in the US:
- 42% of breaches will come from malicious code or criminal attack, 30% from human error and 29% from system glitches
- $417,700 is the average detection and escalation cost in the US
- $509,237 is the average notification cost in the US
- $1,599,996 is the average post data breach cost in the US
- $3,324,959 is the average lost business cost in the US
- 33% to direct costs, 67% to indirect costs per capita
(Source: Ponemon, “2014 Cost of Data Breach Study: Global Analysis”)
In addition, here are some other resources that I hope help: