HACKS AREN’T COSTLY FOR FIRMS… OH, REALLY?
The soaring number of cyberattacks against American companies is causing comparatively little financial damage, which is discouraging many businesses from beefing up security, Rand Corp. said in a study released this week.
Rand researchers estimates a typical computer breach costs a company about $200,000. For many firms, that figure represents less than 0.4% of their annual revenue.
The researchers also said the losses from cyberattacks are generally smaller than the losses caused by fraud, theft, corruption and bad debt.
Paid Posts are created by our advertisers. Our editorial and reporting staffs are are not involved in the creation or production of Paid Posts.
“Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think,” the study’s lead author, Romanosky, said in a statement. “It may be bad for you if you are the victim, but it doesn’t change the behavior or strategy of a company.
“Like you and me,” Romanosky said, “companies are self-interested and operate in ways that minimize costs.”
The Rand findings are similar to those of a 2015 study by Columbia University, which said major data breaches at many Fortune 500 companies ended up costing the firms less than 1% of their annual revenues. The companies included Target Corp., which experienced a data breach in 2013 that revealed information from 40 million debit and credit card accounts.
Rand said its analysis comes partly in response to a request by the Obama administration to help create voluntary guidelines for improving information security, which can vary greatly from company to company.
Romanosky said the number of data breaches increased from 64 in 2012 to almost 250 in 2014. Hackers heavily targeted health, insurance and finance companies, as well as the government.
-from the Los Angeles Times