Study: Severity Of Information Security Breaches Increasing
The severity level of information security breaches experienced by organizations has show a marked increase over the past year, according to research commissioned by the Computing Technology Industry Association (CompTIA).
Among organizations that reported a security breach in the past 12 months, the average severity level of the breach stood at 4.8 on a 0-10 scale, where 0 is not at all severe and 10 is very severe. The corresponding severity level rating for the past two years was at 2.3 and 2.6.
"This suggests that while the number of security breaches has stabilized, the breaches that are occurring are having a greater impact than ever on organizations," said Brian McCarthy, COO of CompTIA.
No significant differences are evident in the severity of breaches by company size. However, smaller organizations reported slightly less severe breaches than larger organizations.
The survey found that the average cost of a security breach across all companies was $369,388, driven by a handful of companies who estimated costs in excess of $10 million, reflecting the higher risk that larger companies face. About one-half of all respondents estimated that the cost of security breaches in the last 12 months was $10,000 or less.
Organizations broke down their costs of security breaches as follows:
- Employee productivity impacted -- 35 percent .
- Server or network downtime -- 21 percent .
- Revenue-generating activities impacted -- 20 percent.
- Physical assets impacted -- 17 percent.
- Legal fees and/or fines -- 8 percent.
The survey also revealed that not all security breaches originate externally. Among organizations that experienced a security breach, nearly one in four (23 percent) indicated an insider security breach or threat in the last year.