A Cyentia Institute report that focuses on the 100 largest cyber incidents of the past five years found that these events totaled $18 billion in reported losses and 10 billion compromised records.
Interestingly, a single campaign – NotPetya – was responsible for nearly 20 percent of all the financial losses from the events tracked. And one-in-five of the largest losses over the last five years are attributed to state-affiliated actors.
The report on the top cyberattacks released today, the Information Risk Insights Study (IRIS) 20/20 Xtreme, was a follow-on to the Cyentia Institute’s IRIS 20/20 study from earlier this year. Both reports are based on data from insurance data group Advisen.
According to the report, the median loss for extreme losses was $47 million with over one-in-four exceeding $100 million. Five events racked up losses of $1 billion or more. Response costs, lost productivity and fines and judgements are the most common forms of loss in extreme events.
The financial and information sectors, with their large holdings of funds and data, experienced the largest number of extreme loss events, 22 and 18 respectively. Data breaches, ransomware, fraud and cryptocurrency theft are by far the most common and costliest of extreme cyber events.
Finally, Cyentia found that firms that bungle the incident response process show costs that are nearly 2.8 times larger than those without signs of poor response.