What is the Cost of a Data Breach?
Sebastian Hess | Cyber Risk Engineer | D/A/CH AIG Europe Limited
IoT & Device Security Conference, 6 December 2017
#IoTDS
IoT Today - Facts
Companies with revenues under $5 million annually hit by an IoT breach expected it to cost them 13.4 percent of their total revenue¹
More Than 25 Percent of Identified Attacks in Enterprises Will Involve IoT by 2020²
IoT Security to Make Up 20% of Annual Security Budget by 2020³
Source: ¹Altman Vilandrie & Company, June 2017; ²Gartner, April 2016; ³Gartner, January 2016; Getty Images
Cost of a Cyber Breach
Cost of a Cyber Breach - Categories
Types of Cost
• Business Disruption
• Information loss
• Revenue loss
• Equipment damages
• Other cost
Companies' investment
• Detection
• Containment
• Recovery
• Investigation
• Incident Management
• Ex Post Response
Cost of a Cyber Breach - Industry Sector¹
Source: ¹Accenture Cyber Crime Studies 2017
Costs vary among countries¹
Roadmap for Threats
Internet Everywhere and “Always On”
IoT Landscape as an Attack Surface
Internet of Things
Transparency
Smarthome
Types of attack methods experienced by participating companies¹
Costs of different types of incidents¹
Costs vary among countries¹
Security Expenses
Importance to your organization
Many companies don’t fully grasp the threats they face!
Business needs
IT-Security needs
Cyber Crime Market vs. Cyber Security Costs
Global cost of cyber crime for companies
• $400 billion by 2015 (estimated by Lloyd's)
• SME costs: $1388 per capita
• Large organization: $431 per capita
• $2.1 trillion by 2019 (predicted by Juniper Research)
Cyber security market size
• $75 billion by 2015 (estimated by Gartner, Inc.)
• $170 billion by 2020 (predicted by SSP Blue)
Source: Cyber Crime Costs Projected To Reach $2 Trillion by 2019 - Forbes, 17.01.2016
Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach $170 Billion By 2020 - Forbes, 15.12.2015
Estimated annual ROI for enabling security technologies¹
Budget allocations within the IT security infrastructure¹
Source: ¹Accenture Cyber Crime Studies 2017
The Costs to Fix Security Problems
Errors are more expensive to fix later
Boehm’s Curve
Cost of a Cyber Breach
Example
Ransomware Infection – Small Enterprise
• 40k Euro Forensics (10 md)
• 300k Euro Business interruption (3 days, 100k per day, 3.65m annual rev)
• 2k Euro Restoration costs (1 day)
• 10k Euro Required updates (new SW Licences)
• Total of 352k Euro
Example II
Large Group Enterprise - Data Breach
• 400k Euro Forensics (100 md)
• 80m Euro Stolen Records (200m records; 2bn revenue)
• 4m Euro Implementation ISMS (1000md)
• Total of 84.4m Euro
Example III
Product vulnerability – IoT Device
• 10k Euro Patch development (5 md)
• 10k Euro Testing (5 md)
• 500k Euro Notification costs (0.5 Euro per customer; 1m customers)
• 10m Euro Recall + Update (1m devices, 10 Euro per device)
• Total of 10.5m Euro
Example IV
Same company, one month later…
• 10k Euro Patch development (5 md)
• 10k Euro Testing (5 md)
• 500k Euro Notification costs (0.5 Euro per customer; 1m customers)
• 10m Euro Recall + Update (1m devices, 10 Euro per device)
• Total of 10.5m Euro
Yet Another Example
• A thought experiment:
Source: ¹http://www.fox32chicago.com/health/450000-americans-have-pacemakers-that-could-be-hacked-fda 07.09.2017; Getty Images
Follow-up Costs
In Summary - Proactive Cyber Security is Necessary!
Internet of Things Cyber Threats
Return of Invest Digitalization
Cyber Security