For companies that are exposed to breaches of fewer than 1,000 records, 94 percent don’t have to deal with fines, penalties or regulatory proceedings.
That statistic comes from the SANS Institute, whose survey examined the factors that impact the expenses a company faces after suffering a security breach.
The Maryland-based cybersecurity educator pointed to disruption of work, remediation time and bad publicity stemming media attention as some of the main expenses for the targeted company.
Expenses incurred as a result of regulatory proceedings was rare, despite 58 percent of surveyed incidents compromising two or more types of regulated data – like financial and personal identity information.
The survey found that of breaches of fewer than 1,000 records were the most common, and for that group, only 20 percent received media attention for the incident.
Channel Partners has covered its fair share of breaches this year. Unauthorized access to an Experian server may have exposed the personal data of 15 million T-Mobile customers. Juniper estimated the total cost of breaches to surpass $2 trillion by 2019. Verizon’s annual data breach report included almost 80,000 breaches within various organizations in the previous year. Channel Partners cited Verizon’s prediction that the average cost for a breach of 1,000 records is between $52,000 and $87,000.
“Having a proactive approach to handling security, a data classification program and policy, and a solid response and clean-up plan are significant positive steps organizations can take to reduce the costs and effects of a breach,” SANS Analyst Barb Filkins said in a news release.
In another interesting SANS Institute statistic, 60 percent of respondents lacked commercial cyberinsurance “because they found it hard to acquire.”
SANS plans to release the full details of its survey in a webcast next week.