Multi-target breaches can end up costing far more than imagined
A breach that affects more than one target company causes 26 times more financial damage than an attack that affects only one target, a new report from RiskRecon and Cyentia Institute claims.
Analyzing how a multi-party data breach impacts businesses in today’s hyper-connected world, the two companies investigated 897 multi-party breaches affecting at least three interrelated organizations. They call these breaches “ripple breach events”.
The analysis, published in the second edition of the “Ripples Across the Risk Surface” paper, claims that the average ripple breach event affects four organizations.
Furthermore, the median ripple breach event causes ten times the financial damage of a “traditional” single-party breach. Of the 897 multi-party breaches analyzed, the largest affected a total of 550 firms. It takes, on average, more than a year (379 days) for a typical ripple event to impact the majority (75 percent) of its downstream victims.
With the Covid-19 pandemic forcing people into a home-working environment, communicating and collaborating with other companies via digital channels became pivotal. This also created a major window of opportunity for cybercriminals, as it suddenly became easier to compromise a target company by first compromising a poorly protected third party.
Cybersecurity experts warn that taking a zero trust approach and making sure employees are trained on the dangers of cybercrime are essential to the security of the organization.