A new survey released today by the Computing Technology Industry Association claims the severity level of information security breaches experienced by organizations has show a marked increase over the past year.
The group reports that among organizations that reported a security breach in the past 12 months, the average severity level of the breach stood at 4.8 on a 0-10 scale, where 0 is not at all severe and 10 is very severe. The corresponding severity level rating for the past two years was at 2.3 and 2.6.
“This suggests that while the number of security breaches has stabilized, the breaches that are occurring are having a greater impact than ever on organizations,” said Brian McCarthy, chief operating officer, CompTIA.
What’s interesting is that there doesn’t appear to be a significant variation in breach severity by size of the company or organization.
The survey found that the average cost of a security breach across all companies was $369,388, driven by a handful of companies who estimated costs in excess of $10 million, reflecting the higher risk that larger companies face. About one-half of all respondents estimated that the cost of security breaches in the last 12 months was $10,000 or less.
As to the specific consequences of these breaches, the overall survey produced these results
Employee productivity impacted – 35 percent
Server or network downtime – 21 percent
Revenue-generating activities impacted – 20 percent
Physical assets impacted – 17 percent
Legal fees and/or fines – 8 percent
Perhaps even more ominously, nearly one in four (23 percent) orgnizations that reported a security breach indicated that they had an insider security breach or threat in the last year.