Media Coverage | RiskRecon

Ripple effects from a cyber incident take a year to develop: report

Written by Cybersecurity Dive | Sep 27, 2021 5:17:00 PM

CIO Dive discussed the new report from RiskRecon and Cyentia on the impact of multi-party breaches. 

Dive Brief:

  • It takes more than a year, 379 days, for 75% of victim companies to experience the downstream impact of a cyber incident, according to research by RiskRecon and the Cyentia Institute. Ripple cyber events, where one incident has cascading effects for other organizations, are identified as widespread third-party breaches or a supply chain breach. 
  •  A third-party incident impacts organizations with direct ties to the initial victim company. Supply chain incidents have a "cascading" impact across customers with direct relations to the victim company and the third party's customers. The research was based on observational data of publicly reported breaches since 2008. Researchers referred to Advisen's Cyber Loss Database, which includes data on 103,000 cyber events, which in part showcases organizations impacted by a singular incident. 
  • Since 2008, the database included at least 2,726 common incidents that hit multiple organizations. Only 897 of the incidents are considered true ripple events, involving B2B relationships between multiple parties.