Skip to main content

Multi-target breaches can end up costing far more than imagined

data breach
(Image credit: Image Credit: Balefire / Shutterstock)

A breach that affects more than one target company creates 26 times more financial damage, compared to an attack that affects only one target, a new report from RiskRecon and Cyentia Institute claims. 

Analyzing how a multi-party data breach impacts businesses in today’s hyper-connected world, the two companies investigated 897 multi-party breaches affecting at least three interrelated organizations. They call these breaches “ripple breach events”. 

The analysis, published in the second edition of the “Ripples Across the Risk Surface” paper, claims that the average ripple breach event affects four organizations. 

Furthermore, the median ripple breach event causes ten times the financial damage, compared to a “traditional” single-party breach. Of the 897 multi-party breaches analyzed, the largest one affected a total of 550 firms, while it takes, on average, more than a year (379 days) for a typical ripple event to impact the majority (75 percent) of its downstream victims.

With the Covid-19 pandemic forcing people into a home-working environment, communicating and collaborating with other companies via digital channels became pivotal. This also created a major window of opportunity for cybercriminals, as it was suddenly relatively easier to compromise the target company, by first compromising a poorly protected third party. 

Cybersecurity experts are warning how taking the zero trust approach, and making sure employees are trained on the dangers of cybercrime, is essential to the security of the organization. 

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.