Security company Black Kite has released a report detailing the cost of data breaches, and it makes sobering reading. They estimate that many data breaches cost around $15 million. This is a distinct danger to organizations like utilities, which have a large number of customers and critical information in their databases.
Their publication, The Cost of a Data Breach: A New Perspective, rates the median cost per incident at $130,000, and around half of data breaches don't exceed $1 million. That is still a significant amount of money, particularly for smaller businesses.
However, based on an analysis of 2,400 cyber incidents at 1,700 companies over the years 2017–2022, Black Kite concluded that many data breaches can cost $15 million. They also estimate that costs are rising at 10% per year on average, so the total global cost of cybercrime could reach $10 trillion in the next three years. This is an increase of $7 trillion from 2015’s $3 trillion figure.
Another worrying issue is that companies with remote workers suffer higher losses: often $1 million higher than companies without telecommuting workers.
One in four organizations has suffered a cyberattack in the past year, the report said. One attack vector is via third parties, as hackers “island-hopped” their way into the company's systems. The most relevant issue was that vulnerable companies deployed outdated systems or software that were easier for malicious actors to attack.
Organizations that experience data breaches are more susceptible to future attacks. After fixing the original exploit that caused the breach, often companies cease searching for further issues, the report said.
The report says, “Once an adversary has found a vulnerability to exploit, they become more confident and may escalate to more severe attack methods.” Utilities need to be cognizant of increased danger from cybercrime and make sure they have all necessary protection, including “islanding” critical computers (isolating them from outside networks) to ensure they cannot be hacked from outside the company.