Dive Brief:
- The vast majority (81%) of U.S. small businesses suffered a cybersecurity breach, a data breach or both in the past year, with more than half of the victims reporting financial losses between $250,000 and $1 million, the Identity Theft Resource Center said in a report released Wednesday.
- Nearly four in 10 victims said they were forced to raise prices to address the financial impacts of an incident, the survey of 662 U.S. small business executives found.
- “In effect, the rising cost of cybersecurity and the financial damage from data breaches are creating a hidden “cyber tax” that is being passed directly to consumers — the very people who are also directly impacted by the loss of their personal information (and financial resources) to identity criminals,” ITRC, a nonprofit dedicated to helping cybercrime victims, said in its report.
Dive Insight:
Cybersecurity nearly tops the list of challenges that keep CFOs “awake at night,” coming second only to profitability and tying with inflationary pressures/economic uncertainty, global workforce firm ManpowerGroup found in a study released in October.
Nearly three-quarters of finance chiefs are now involved in cybersecurity efforts, with half deeply engaged in both strategy and response, reflecting heightened concern, ManpowerGroup reported.
The ITRC research found that most surveyed small businesses experienced multiple cybersecurity incidents, with threat actors deploying sophisticated methods, including artificial intelligence-powered attacks.
“The current landscape is not a fair fight and presents both a drag on our economy and a threat to national security,” ITRC President James Lee said in a press release on the research. “The data in this report is startling and should be a wake-up call for everyone.”
The average U.S. cost of a data breach is $10.22 million, up 9% compared with the prior year’s level and an all-time high for any region, IBM said in its annual Cost of Data Breach report in July. The spike was driven by steeper regulatory fines and higher detection and escalation costs in the U.S., which occurred even as the average global breach cost fell 9% to $4.44 million, IBM said.
A third of organizations surveyed as part of IBM’s study said they would hike prices more than 15% due to a cyberattack. However, the overall share of organizations that said they would pass breach costs on to customers fell by nearly a third to 45%, down from 63% last year.
While businesses looking to recover breach costs might choose to pass them on to customers, that strategy may backfire, particularly in “price-sensitive markets or moments,” IBM said.