A research released on Tuesday by RiskRecon and the Cyentia Institute found that certain multi-party data breaches have generated 26x the monetary loss of the worst single-party breach.
The research included incidents occurring since 2008. According to the Advisen’s Cyber Loss Database, there have been over 900 multi-party breach instances, with 147 newly discovered “ripples” throughout the whole data set, with 108 happening in the previous three years.
There were over 2,726 incidents where different organizations were involved. Only a small percentage of those are what the researchers call “ripple events,” which involve multiple parties in B2B relations.
According to the research, there is a two-year lag between the incident’s occurrence and complete manifestation of ripple effects, with some incidents lasting up to five years.
A typical multi-party breach costs ten times more than a standard single-party breach. When compared to the worst single-party breach, the worst multi-party breach generates 26 times the financial harm.
A ripple event generally takes 379 days to affect 75% of its downstream victims, and the average number of organizations affected by ripple events was 4 throughout the data set.
The study lists several notable multi-party data breaches involving SolarWinds, Accellion, Advanced Computer Software, Blackbaud, etc.
Millions of people’s personal information was exposed in each occurrence, and the researchers discovered that financial and business support companies are the top two victims of downstream loss events. Over 47% of all ripples originate in the professional and economic sectors.
Many firms are both the source of one ripple event and the downstream receiver of others caused by different enterprises.
Eighty percent of the ripple events include some form of direct financial loss. One out of every five ripples causes fines and penalties, and one out of every ten causes response expenses. While just a tiny percentage of ripples result in a loss of revenue, such losses can be catastrophic. In those instances, the loss of income accounts for 78% of the costs.
It was found that a loss of income caused by a ripple event results in a $36 million loss per occurrence. Based on 154 ripples, the report revealed that the earliest victims of a multi-party breach bear the majority of the expenses.
One thing that data makes clear is that a multi-party ripple event can affect any organization. As businesses of all sizes continue to provide companies access to their data, customer information, employee information, and other information, they open up other doors for security events that may affect their bottom line.