Multi-Party Cyber-Incidents Cost 13x More Than Single-Party Incidents
A new study has found that the financial losses caused by cyber-incidents affecting multiple parties are vastly more devastating than those that stem from any single-party incident.
According to the Ripples Across the Risk Surface study, published today by Cyentia Institute, when compared to losses triggered by a single-party incident, the ripple effect costs that occur following multi-party incidents result in a total loss that is a whopping 13 times greater.
Extreme losses, which sit above the 95th percentile, show an even larger discrepancy, with a loss of $16m for single-party incidents versus $417m for multi-party incidents.
The in-depth study, sponsored by RiskRecon, analyzed data from 813 cyber-incidents and closely examined their impact on numerous downstream organizations, described as secondary victims. A cyber-incident is defined in the study as an "event that compromises the confidentiality, integrity, or availability of an information asset."
The objective of this first-of-its-kind study was to raise market awareness of the far-reaching effects an incident such as a data breach can have as a result of the hyper-interdependencies of organizations.
Researchers plumbed historical data relating to 90,000 cyber-events from the cyber-loss database Advisen, finding that since 2008, 813 cyber-incidents had occurred in which at least three organizations were primary victims.
As a result of these multi-party cyber-incidents, a further 5,437 downstream loss events occurred in which secondary organizations were impacted. In fact, downstream entities affected by multi-party incidents outnumbered primary victims by 850%.
In one s ..