Data Breach Costs Could Hit $2T by 2019
Data breaches focused primarily on "traditional computing devices" rather than emerging connected devices are expected to increase the cost of cyber crime to an estimated $2.1 trillion by 2019, according to a new study of enterprise threats and mitigation strategies.
The report released this week by Juniper Research found that "the majority of these [data] breaches will come from existing IT and network infrastructure." Meanwhile, the nature of cyber attacks continues to evolve with the emergence of "cybercrime products" like malware creation software. The upshot, Juniper Research concludes, is fewer overall attacks on enterprises but more sophisticated and successful attacks on enterprise infrastructure.
As more enterprise infrastructure is linked, the average cost of a data breach is expected to exceed $150 million by 2020, the U.K.-based researcher estimated.
The majority (about 60 percent) of enterprise data breaches in 2015 will likely occur in North America, but the geographical distribution of attacks is expected to expand as emerging nations connect more IT infrastructure, Juniper Research forecast.
Among the hardest hit industries are the banking and financial sectors along with medical and healthcare. In a separate white paper on "Cybercrime and the Internet of Threats," Juniper Research found that the number of exposed medical records per breach tends to be in the range of 1,000 to 10,000. For banks and other financial institutions, the average number of exposed records and accounts extends to between 10,000 and 100,000. A smaller percentage of financial breaches (about 10 percent) reach as high as 10 million data records.
Researchers cited a recent attack on JPMorgan Chase showing "that customer details are often targeted by cybercriminals even if there is no immediate financial use for them." The motivation here is that "cybercriminals have consumers’ details, those customers can then be targeted as part of a spear-phishing operation, where information in the phishing communication is tailored to be more attractive to the specific target," the researcher said.
Juniper Research noted that only a small fraction of cyber attacks tend to account for the bulk of data breaches. For example, it found that IBM Enterprise clients experienced an average of 74,300 attacks annually as of July 2013. But only 0.12 percent actually resulted in security breaches. The data indicates that hackers are constantly probing IT infrastructure searching for vulnerabilities.
As more enterprise infrastructure is connected, Juniper Research predicts that cloud vendors like Amazon Web Services and Google Cloud Platform along with cloud-based applications from market leaders like Apple will be in the "pole position to capitalize on this transition" to cloud-based services.
"If consumers are tied into multiple products from [major cloud providers], those consumers become increasingly reluctant to churn away from one element of the brand, as he/she loses access to content across their devices," the researcher noted.