Home > Blog > What Are Security Fails Really Costing Us?

What Are Security Fails Really Costing Us?

 |  HackerOne

By Ericka Chickowski

The good news/bad news statistics are flowing this month as a smorgasbord of new security studies and reporting paint the current state of the union. The crux of it is that even as companies are getting more serious about security issues from the top of the food chain, the cost of not shoring up security fast enough keeps going up, up, up.

Even though this is a security blog, we'll go against our instincts to play up the doom and gloom and lead with a bit of good news. A new study out a couple of weeks ago from the Georgia Tech Information Security Center (GTISC) found that the percentage of chief executives and boards that are actively addressing cybersecurity has doubled in just three years to 63 percent. What's more, well over 90 percent of boards say they review IT risk assessment reports and over half hire outside experts to help advise them on the technical details. Most telling on the improvement front is that ratio of organizations that had established risk committees separate from audit committees rose from 8 percent in 2008 to 53 percent this year.

All of this added attention from the boardroom has translated directly to budgetary windfalls. Gartner analysts just updated their forecast for security spending, predicting a 4.7 percent boost this year to $75 billion. While that might seem only a modest gain, it's fairly positive considering Gartner's expectation for IT spending overall to decline by 4.9 percent.

Of course, awareness of a problem is one thing. Actually solving it is another entirely. And while CEOs boards have at least finally decided to actually pay attention to cybersecurity, the hits keep coming. Almost concurrently with the GTISC study, the new Ponemon Institute Cost of Cybercrime report shows that the cost of cybercrime keeps climbing.

Cybercrime is now costing the average organization $15 million annually.

Some other highlights from the Ponemon study:

  • Over the last year the cost of cybercrime rose 19 percent
  • The cost of cybercrime per organization has risen by 82 percent since 2009
  • Some organizations are finding cybercrime is costing as much as $65 million per year

At the same time, insurance adjusters are finally gathering up enough data on cybercrime policies to figure out something that many watchers of the cyber insurance industry have predicted for a few years now. Namely, that insurers are going to have to charge a lot more to make cyber policies financially sustainable. This year, Reuters says average increases in premiums jumped by 32 percent and they're also being accompanied by higher deductibles and limits in total coverage.


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.