What is the Cost of a Data Breach?Sebastian Hess | Cyber Risk Engineer | D/A/CH AIG Europe Limited

IoT & Device Security Conference, 6 December 2017

#IoTDS

IoT Today - Facts

#IoTDS

Companies with revenues under $5 million annually hit by an IoT breach expected it to cost them 13.4

percent of their total revenue1

More Than 25 Percent of Identified Attacks in Enterprises Will Involve IoT by 2020²

IoT Security to Make Up 20% of Annual Security Budget by 2020³

Source: 1AltmanVilandrie & Company June 2017, ²Gartner April 2016, ³Gartner, Januar 2016, Getty Images

Cost of a Cyber Breach

Cost of a Cyber Breach - Categories

Types of Cost

• Business Disruption

• Information loss

• Revenue loss

• Equipment damages

• Other cost

Companies investment

• Detection

• Containment

• Recovery

• Investigation

• Incident Management

• Ex Post Response

#IoTDS

Cost of a Cyber Breach - Industry Sector1

#IoTDS

Source: 1Accenture Cyber Crime Studies 2017

#IoTDS

Costs vary among countries1

Roadmap for Threats

Internet Everywhere and “Always On”

#IoTDS

IoT Landscape as an Attack Surface

#IoTDS

Internet of Things

Transparency

Smarthome

Types of attack methodsexperienced by participating companies1

#IoTDS

Costs of different types of incidents1

#IoTDS

Costs vary among countries1

#IoTDS

Security Expenses

Importance to your organization

#IoTDS

Many companies don’t fully grasp the threats they face!

Business needs

IT-Security needs

Cyber Crime Market vs. Cyber Security Costs

#IoTDS

Source: Cyber Crime Costs Projected To Reach $2 Trillion by 2019 - Forbes, 17.01.2016

Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach $170 Billion By 2020 - Forbes, 15.12.2015

$400 billion by 2015

Estimated by Lloyd's

• SME costs: $1388 per capita

• Large organization:$431 per capita

$2.1 trillion by

2019Predicted by Juniper

Research

Global cost of cyber crime for

companies Cyber security market size

$75 billion by 2015

Estimated by Gartner, Inc.

$170 billion by

2020Predicted by SSP Blue

Estimated annual ROI for enabling security technologies1

#IoTDS

Budget allocations within the IT security infrastructure1

#IoTDS

Source: 1Accenture Cyber Crime Studies 2017

The Costs to Fix Security Problems

#IoTDS

Errors are

more expensive

to fix later

Boehm’s Curve

Cost of a Cyber Breach

Example

Ransomware Infection – Small Enterprise

• 40k Euro Forensics (10 md)

• 300k Euro Business interruption (3 days, 100k per day, 3.65m annual rev)

• 2k Euro Restoration costs (1 day)

• 10k Euro Required updates (new SW Licences)

• Total of 352k Euro

#IoTDS

Example II

Large Group Enterprise - Data Breach

• 400k Euro Forensics (100 md)

• 80m Euro Stolen Records (200m records; 2bn revenue)

• 4m Euro Implementation ISMS (1000md)

• Total of 84.4m Euro

#IoTDS

Example III

Product vulnerability – IoT Device

• 10k Euro Patch development (5 md)

• 10k Euro Testing (5 md)

• 500k Euro Notification costs (0.5 Euro per customer; 1m customers

• 10m Euro Recall + Update (1m devices, 10 Euro per device)

• Total of 10.5m Euro

#IoTDS

Example IV

Same company, one month later…

• 10k Euro Patch development (5 md)

• 10k Euro Testing (5 md)

• 500k Euro Notification costs (0.5 Euro per customer; 1m customers

• 10m Euro Recall + Update (1m devices, 10 Euro per device)

• Total of 10.5m Euro

#IoTDS

• A thought experiment:

Yet Another Example

#IoTDS

Source: 1 http://www.fox32chicago.com/health/450000-americans-have-pacemakers-that-could-be-hacked-fda 07.09.2017; Getty Images

Follow-up Costs

In Summary - Proactive Cyber Security is Necessary!

Internet of Things Cyber Threats

Return of Invest Digitalization

Cyber Security

#IoTDS