Among organizations that reported a security breach in the past 12 months, the average severity level of the breach stood at 4.8 on a 0-10 scale, where 0 is not at all severe and 10 is very severe. The corresponding severity level rating for the past two years was at 2.3 and 2.6.
"This suggests that while the number of security breaches has stabilized, the breaches that are occurring are having a greater impact than ever on organizations," said Brian McCarthy, chief operating officer, CompTIA.
No significant differences are evident in the severity of breaches by company size; however, smaller organizations reported slightly less severe breaches than larger organizations.
The survey found that the average cost of a security breach across all companies was $369,388, driven by a handful of companies who estimated costs in excess of $10 million, reflecting the higher risk that larger companies face. About one-half of all respondents estimated that the cost of security breaches in the last 12 months was $10,000 or less.
Organizations broke down their costs of security breaches as follows:
- Employee productivity impacted -- 35 percent
- Server or network downtime -- 21 percent
- Revenue-generating activities impacted -- 20 percent
- Physical assets impacted -- 17 percent
- Legal fees and/or fines -- 8 percent
