RAND Study Estimates Lower Cyber-Incident Costs

Posted by

According to a new study by the RAND Corporation, published in the Oxford Journal of Cybersecurity, the average cost of a typical cyber breach for an American company has been estimated at $200,000, significantly less than the $1,000,000 figure suggested by other organizations, such as the Ponemon Institute. The study analyzed a private data set of 12,000 cyber incidents over a decade based on corporate losses compiled for the insurance industry.

“Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think,” said Sasha Romanosky, author of the study. The study concludes, among other things, that the average cyber event costs companies less than 0.4 percent of their annual revenues.

A copy of the RAND article can be found here.