The severity level of information security breaches experienced by organizations has show a marked increase over the past year, according to research commissioned by the Computing Technology Industry Association (CompTIA).

Among organizations that reported a security breach in the past 12 months, the average severity level of the breach stood at 4.8 on a 0-10 scale, where 0 is not at all severe and 10 is very severe. The corresponding severity level rating for the past two years was at 2.3 and 2.6.

"This suggests that while the number of security breaches has stabilized, the breaches that are occurring are having a greater impact than ever on organizations," said Brian McCarthy, chief operating officer, CompTIA.

No significant differences are evident in the severity of breaches by company size; however, smaller organizations reported slightly less severe breaches than larger organizations.

The survey found that the average cost of a security breach across all companies was $369,388, driven by a handful of companies who estimated costs in excess of $10 million, reflecting the higher risk that larger companies face. About one-half of all respondents' estimated that the cost of security breaches in the last 12 months was $10,000 or less.

Organizations broke down their costs of security breaches as follows:

1. Employee productivity impacted 35 percent
2. Server or network downtime 21 percent
3. Revenue-generating activities impacted 20 percent
4. Physical assets impacted 17 percent
5. Legal fees and/or fines 8 percent

The survey also revealed that not all security breaches originate externally. Among organizations that experienced a security breach, nearly one in four (23 percent) indicated that they had an insider security breach or threat in the last year.

CompTIA commissioned TNS, a global market insight and information group, to conduct the study to identify current IT security practices and highlight security challenges confronted by organizations of varying sizes and sectors.
http://www.comptia.org