Cyber Risks

Average Cost of Cyberattacks Soars to $4.6 Million Per Incident

Brian Thomas | July 3, 2019

The aftermath of a cyber breach can be costly. But just how expensive and where the brunt of that financial impact falls has been somewhat unclear, until now. 

A new report by Radware and Merrill Research found that the price tag of cyberattacks has spiked significantly, increasing from $3 million per incident in 2018 to $4.6 million in the first half of 2019 alone. These multi-million-dollar breaches are also becoming more frequent. Breaches costing more than $10 million have doubled since 2018, and now stand at 13%.

The four main business impacts that organizations can expect in the aftermath of a cyberattack include customer loss (45%), brand reputation (44%), and revenue loss and operational effects (32% each).

Cyberattacks touch every corner of the organization

These statistics paint a clear picture – cybersecurity goes well beyond the role of the CIO or CISO and now encompasses every division in the organization. From the CMO to general counsel, HR to procurement, cybersecurity is everyone’s business. Indeed, Radware finds that 72% of executives, not just the CISO, report on cybersecurity each time the Board of Directors convenes, and 75% of executives say security is a key component in their marketing strategy.

These statistics provide powerful food for thought. But what does all of this really mean? Put simply, you need a way to quantify the cyber risk facing your own organization and measure the effectiveness of your cybersecurity investments in the face of that risk.

The challenge for many organizations is that they lack visibility into the true nature of risk – both in their own operations and those of their interconnected third-party vendors and supply chains. How do you remediate a risk you can’t see?

Score your organization’s risk

Manual risk assessments can help, but these are time-consuming and only provide a snapshot of security risk. However, with data-driven security ratings you’ll benefit from a proven, automated way to continuously benchmark risk that can be quickly leveraged by anyone in the organization to make educated decisions about mitigating risk.

These easy-to-understand ratings (think of them as the cyber equivalent of a credit score) give your organization a baseline metric of cybersecurity program performance. You can also drill down into the details to pinpoint risk areas, allocate resources and IT investments, establish more meaningful KPIs, and communicate the security posture of your organization (or a third-party partner’s) to executives, your Board, potential clients, and partners.

CISOs have a new role to play

You should also ensure that your CISO has a seat at the executive management table. That person must be able to clearly articulate the business impact of a sound cybersecurity strategy -- or lack thereof.

We hear time and again from CISOs that they’re only called upon when the executive team needs to be informed of a breach or to report on quarterly security measures. But with cybersecurity impacting every part of the organization and increasingly featuring as a line item in Board meetings, it’s critical that the CISO go beyond a reporting role at the table. He or she must find a way to facilitate incorporating security considerations as part strategic decision making and planning.

What was good enough yesterday, is not good enough today

As threats evolve and the costs of cyberattacks skyrocket, traditional approaches to measuring and reducing risk are falling short. Find out how exposed your organization is by requesting your security rating snapshot report.

The Evolution of the CISO White Paper

Suggested Posts

Protecting Sensitive Data: 4 Things To Keep In Mind

Given the recent security breaches and reported hacking attempts, it is increasingly important for companies to have a handle on their most sensitive data. Sensitive data can include employees’ personal information, customer information,...


Secure Remote Work: New Threats Require a Shift in Policy and Training

Working from home introduces significant cyber risk to any organization. However, recent events reveal that it’s not a case of “if” but “when” bad actors will exploit the rampant vulnerabilities on home networks.


Get Ahead of the Quantum Computing Security Threat

Quantum computing has the ability to change the world, both for better and worse, and while it may be far off in the future, security teams need to start preparing for the new reality it will usher in.


Subscribe to get security news and updates in your inbox.