By: Kelly White, Founder, RiskRecon by Mastercard

Companies Previously Breached 3x More Likely to Suffer Another Breach

At RiskRecon, we closely monitor material publicly reported cybersecurity breach events as part of our cybersecurity ratings services. From 2012 to 2023, across a closely monitored population of 150,000 companies, we have cataloged and analyzed 14,413 material, publicly reported breach events. Of those 150,000 companies, six percent publicly reported at least one breach event during the last 12 years.

Given that only six percent of companies publicly reported a breach during the period, some companies must be reporting multiple events. That is indeed the case, and herein lies the powerful breach predictor. Companies that publicly report a breach event are three times more likely to report another breach event than companies that have not reported any breach events.

Here is a more detailed breakdown of that metric. Of all companies monitored from 2012 – 2023, one in 16 (6%) publicly reported a breach event. Of the companies that publicly reported a breach event, one in five (20%) reported more than one breach event during the period. Thus, companies that publicly report a breach event are three times more likely to report another breach event than companies that have not reported any breach event.

As shown in the graph below, 5% of the 150,000 companies reported one material breach event from 2012 – 2023. One percent of the 150,000 companies reported multiple breach events during the same period.


So, if you are staring at a third-party portfolio of a hundred or a thousand and wondering which of those companies are most likely to ring your phone to inform you of a breach, consider factoring into your prioritization algorithm those companies that have previously been breached – they are three times more likely to report another breach compared to those that haven’t reported a breach.
