Multi-Party Data Breaches Cause 26x the Financial Loss of a Single-Party Breach
The investigation is based on a review of 897 incidents involving three or more companies that were linked.
Researchers at Cyentia Institute and RiskRecon have published a study quantifying the impact that multi-party data breaches have on organizations in today's networked digital environment, according to Help Net Security.
It is bad enough when a data breach or security vulnerability affects only one or two companies. Increasingly, though, security breaches affect multiple companies at once.
Data collected on publicly disclosed breaches over the past decade shows how far the impact of a single security incident can reach across industries and individual companies.
When a system is critical to a technology provider's services, one security breach can put the data of hundreds of corporate customers at risk. Companies can be, and are, affected by the security issues of 4th, 5th, and Nth parties along the business value stream, even when they do no business with those parties directly.
So far, only the SolarWinds incident has provided conclusive evidence and a clear warning of how a devastating wave event could play out. SolarWinds was not a one-off or isolated event, and we have the statistics and stories to back this up.
Key findings on the impact of multi-party data breaches:
- Data breaches involving many parties generate 26 times as much financial harm as breaches involving a single party
- Since 2008, there have been 897 occurrences of multi-party data breaches, often known as ripple events
- Over the last three years, researchers have discovered 108 new ripples out of the 147 total
- A typical ripple incident affects 75% of its downstream victims after 379 days
- The median number of ripple events impacting organizations was 4
- The average financial loss from a single-party breach is 10 times greater when occurring as part of a ripple attack