Survey: Financial Costs of a Cyber Attack Increasing Year over Year | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: Financial Costs of a Cyber Attack Increasing Year over Year

November 28, 2017
by Heather Landi
| Reprints

Enterprise organizations that have been impacted by cyber breaches report that monetary losses from cybersecurity events have increased year over year, according to the 2017 U.S. State of Cybercrime survey.

Looking at the financial ramifications of cyber attacks, the survey notes that there are many metrics to measure the impact of an attack, both hard costs and time as well as reputation. One thing that cannot be disputed is the financial costs of a cyberbreach. The survey found that 21 percent of enterprises report that monetary losses from cybersecurity events have increased year over year. In fact, enterprise organizations estimate financial losses at an average of $884,000, compared to estimates of $471,000 from the previous year.

The survey aims to provide a look into the state of U.S. cybersecurity, revealing how security and business leaders are defending their organizations, the top threats they are facing as well as ramifications when an attack occurs. The survey is a collaborative effort between CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service and Forecepoint. The survey was published by IDG Communications.

The survey found that the prominence of security continues to be elevated within organizations. Thirty-five percent of top security executives report to the CEO, and 50 percent have security leadership brief the board of directors at least quarterly.

Almost half of organizations (48 percent) have seen budget increases for security, resulting in an average IT security budget of $11 million, and an additional $9 million dedicated to physical security.

Organizations are using these growing budgets to put tools and processes in place to keep data and assets secure, and to address anomalies. To catch insiders who may have malicious intent, 58% of organizations monitor user behavior.

To address concerns about trusted partners steps are being taken outside of organization walls, as 47 percent are evaluating their supply chain vendors and partners to ensure approved security practices are in place before signing a contract. To ensure security practices are maintained, 58 percent of enterprise organizations (1,000+ employees) require business partners to sign service-level agreements to specify cybersecurity standards.

However, despite increased budgets and C-level support, security leaders’ concerns over cyber threats is growing Three quarters of security leaders are more concerned about cybersecurity threats now than there were in 2016, according to the survey.

Looking at the who and how behind cyber incidents, the majority of organizations that have identified a breach (79 percent), claim that the event was committed by an outsider. In addition, 31 percent of  organizations responding to the survey had at least one insider incident in 2016, however, 76 percent of those incidents were handled internally, without involving legal action or law enforcement, according to the survey.

The survey report authors note that as organizations prepare for various attacks and breaches, hackers continue to be savvier in their approaches. Resilient organizations must have all employees embrace security practices, from awareness training to behavior monitoring to gap protections.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Study will Leverage Connecticut HIE to Help Prevent Suicides

A new study will aim to leverage CTHealthLink, a physician-led health information exchange (HIE) in Connecticut, to help identify the factors leading to suicide and to ultimately help prevent those deaths.

Duke Health First to Achieve HIMSS Stage 7 Rating in Analytics

North Carolina-based Duke Health has become the first U.S. healthcare institution to be awarded the highest honor for analytic capabilities by HIMSS Analytics.

NIH Releases First Dataset from Adolescent Brain Development Study

The National Institutes of Health (NIH) announced the release of the first dataset from the Adolescent Brain Cognitive Development (ABCD) study, which will enable scientists to conduct research on the many factors that influence brain, cognitive, social, and emotional development.

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.