Survey: Financial Costs of a Cyber Attack Increasing Year over Year | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: Financial Costs of a Cyber Attack Increasing Year over Year

November 28, 2017
by Heather Landi
| Reprints

Enterprise organizations that have been impacted by cyber breaches report that monetary losses from cybersecurity events have increased year over year, according to the 2017 U.S. State of Cybercrime survey.

Looking at the financial ramifications of cyber attacks, the survey notes that there are many metrics to measure the impact of an attack, both hard costs and time as well as reputation. One thing that cannot be disputed is the financial costs of a cyberbreach. The survey found that 21 percent of enterprises report that monetary losses from cybersecurity events have increased year over year. In fact, enterprise organizations estimate financial losses at an average of $884,000, compared to estimates of $471,000 from the previous year.

The survey aims to provide a look into the state of U.S. cybersecurity, revealing how security and business leaders are defending their organizations, the top threats they are facing as well as ramifications when an attack occurs. The survey is a collaborative effort between CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service and Forecepoint. The survey was published by IDG Communications.

The survey found that the prominence of security continues to be elevated within organizations. Thirty-five percent of top security executives report to the CEO, and 50 percent have security leadership brief the board of directors at least quarterly.

Almost half of organizations (48 percent) have seen budget increases for security, resulting in an average IT security budget of $11 million, and an additional $9 million dedicated to physical security.

Organizations are using these growing budgets to put tools and processes in place to keep data and assets secure, and to address anomalies. To catch insiders who may have malicious intent, 58% of organizations monitor user behavior.

To address concerns about trusted partners steps are being taken outside of organization walls, as 47 percent are evaluating their supply chain vendors and partners to ensure approved security practices are in place before signing a contract. To ensure security practices are maintained, 58 percent of enterprise organizations (1,000+ employees) require business partners to sign service-level agreements to specify cybersecurity standards.

However, despite increased budgets and C-level support, security leaders’ concerns over cyber threats is growing Three quarters of security leaders are more concerned about cybersecurity threats now than there were in 2016, according to the survey.

Looking at the who and how behind cyber incidents, the majority of organizations that have identified a breach (79 percent), claim that the event was committed by an outsider. In addition, 31 percent of  organizations responding to the survey had at least one insider incident in 2016, however, 76 percent of those incidents were handled internally, without involving legal action or law enforcement, according to the survey.

The survey report authors note that as organizations prepare for various attacks and breaches, hackers continue to be savvier in their approaches. Resilient organizations must have all employees embrace security practices, from awareness training to behavior monitoring to gap protections.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.

Cedars-Sinai Accelerator Program Presents Fourth Class of Startups

The Cedars-Sinai Accelerator, a program that helps entrepreneurs bring their innovative technology products to market, has brought in nine more health tech startups as part of its fourth class.

DirectTrust Adds Five Board Members

DirectTrust, a nonprofit organization that support health information exchange, announced the appointment of five new executives to its board of directors.

Analysis: Many States Continue to Have Restrictive Telemedicine Policies

State Medicaid programs are evolving to accelerate the adoption of telemedicine models, this evolution is occurring more quickly in some states than others, according to a recent analysis by Manatt Health.