BOSTON – Aug 2, 2022
Black Kite, the leader in third-party cyber risk intelligence, today released The Cost of a Data Breach: A New Perspective, a global analysis curated with Open-Source Intelligence (OSINT) that examines the financial impact of 2,400 cyber incidents between 2017 and 2022. The most notable takeaway: of the 1,700 companies with a digital presence that could still be monitored, the overall average cost of a data breach is now $15.01 million.
“Few businesses understand the true cost of a single data breach. Aside from reputational damage and irreparable disruption to business operations, the financial impact can be lethal,” said Bob Maley, CSO of Black Kite. “Our latest research shows the devastating impact of cybercrime on today’s most resilient organizations, and our mission is to educate leaders on the importance of third-party risk intelligence in order to win against the bad guys.”
Fourteen Black Kite researchers examined the cost and impact per industry and root causes of data breaches (including the top threat actors), as well as the cyber security posture and ransomware susceptibility of organizations.
Key findings include:
- Overall average cost of a data breach (outliers removed) – $15.01 million
- Overall average cost of a data breach (including outliers) – $75.21 million
- Most financially devastating threat actor: Conti, with ten attacks averaging $84.98 million per incident
- Seven hundred of the companies breached within the last five years – or one-third – no longer have a digital presence or never disclosed their company name
- Seventy-nine percent of the 1,700 analyzed breached companies are highly susceptible to a phishing attempt
- Finance and Insurance had the highest number of incidents (445), with an average cost of $35.34 million per incident
The global cost of cybercrime is expected to hit $10 trillion in the next three years – up $7 trillion from 2015 – yet many businesses aren’t aware of the true cost and risk.
“There are dozens of breaches that have occurred within the last 12 months that have not yet been publicly reported,” said Jeffrey Wheatman, Senior Vice President and Cyber Evangelist at Black Kite. “Open-Source Intelligence resources provide predictive visibility into this data, allowing leaders to take a proactive approach. Using IBM and Black Kite’s reports as complementary insights, organizations can make more informed decisions worldwide.”
Survey Protocols in Comparison to IBM’s Annual Cost of a Data Breach Report:
- Analysis of 2,400 breaches using Open-Source Intelligence (OSINT) and publicly available data
- Five-year scope, analyzing breaches from 2017-2022
- Research of all industries, including the public sector and verticals that might not be inclined to respond to a survey
Black Kite provides third-party risk intelligence from a technical, financial, and compliance perspective to eliminate false positives and ensure a holistic approach to vendor risk management. In addition to The Cost of a Data Breach: A New Perspective, Black Kite issues an annual Third-Party Breach Report as well as risk assessment reports on the automotive manufacturing, energy, and federal sectors.
To learn more about Black Kite, visit: blackkite.com
About Black Kite
One in four organizations suffered from a cyberattack in the last year, resulting in production, reputation and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. At Black Kite, we’re redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective.
With 500+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.