In order to provide a more accurate picture of potential data breach costs for organizations, Verizon introduced a new model for estimating loss in its annual data breach report.
Published Monday, the study (PDF) was conducted by Verizon, which analyzed incidents from its own breach investigations along with those reported by 70 contributing organizations – including the Department of Homeland Security, Kaspersky Lab, FireEye and McAfee. Up from 49 contributing organizations last year, the “2015 Data Breach Investigations Report” (DBIR) found that 79,790 security incidents occurred in 2014, while 2,122 confirmed data breaches took place.
“Security incident” was defined in the report as “any event that compromises the confidentiality, integrity, or availability of an information asset, while a “data breach” was described as “any incident that resulted in confirmed disclosure (not just exposure) to an unauthorized party.”
Notably, Verizon introduced a model for estimating breach costs which "accounts for the uncertainty as record volume increases,” the report said. To tackle this issue, the average cost of compromised records was predicted for a wider range of records.
Instead of determining the average cost per compromised record, for instance, which might provide a “very poor estimate of loss” on a case-by-case basis, Verizon tallied the average loss for a breach of 1,000 records or one million records, and so on. Using this model, the company determined that the expected loss associated with 100,000 disclosed records was $474,600; for one million disclosed records, the expected cost was more than $1.2 million.
In the report, all confirmed data breaches were also broken out by the type of threat or attack.
At the top of the list were point-of-sale (POS) intrusions, which accounted for 28.5 percent of breaches, followed by crimeware, which was pinpointed in 18.8 percent of incidents. In third place was cyberespionage (18 percent) which, as Verizon noted, ranked surprisingly higher than insider misuse (10.6 percent) and web application attacks (9.4 percent) among breach classifications.
Interestingly enough, Verizon's 2014 Data Breach Investigations Report found that cyberespionage activity increased more than threefold between 2012 and 2013. With the expanded visibility of contributors that year, the service provider also found that the source of cyberespionage attacks appeared to be more dispersed globally. In the breach report, for instance, China-based attackers were linked to 96 percent of all reported espionage incidents in 2012. But, by 2013, 20 percent of espionage activity emanated from threat actors in Eastern Europe, a growing contender.
This year, instead of focusing on attribution, Verizon noted which industries were most affected by cyberespionage: manufacturing, the government sector and professional services organizations. The most used attack vectors for cyber spies were malicious email attachments and links (phishing attacks) and drive-by download, the report found.
[An earlier version of this story incorrectly stated that 700 million compromised records caused a $400 million loss at organizations last year. In the report, these figures were used as an example to demonstrate potential loss using Verizon's new cost model.]