Water Under the Breach

The Sunk Costs of Cyber Security


By: Urooj Burney

Published: November 22, 2019 | Updated: March 07, 2024


The billions of dollars invested in cyber security controls worldwide represent only a fraction of the more than three trillion dollars cyber security breaches cost organizations annually, based on statistics from Cybersecurity Ventures. Throwing more money at the problem only raises the specter of sunk costs.

It’s not necessarily that the cyber security controls aren’t working; it’s that they’re often inefficient, not prioritized correctly, and unable to keep up with the growing number of threats. And those trillions of dollars don’t even include the costs of breaches that go unreported.

Simply put, organizations need better solutions and more operational visibility into the financial impact of daily risks. Armed with better knowledge, an organization’s leadership, IT, and security departments will be able to make more informed, risk-based decisions on capital and human-resource allocation as they navigate this challenge.

The Cost of Cyber Security


The walls are coming down… again

The obvious and immediate costs of data breaches come from data loss and from handling regulatory scrutiny and fines after a malicious attack. Malicious attacks only account for half of all breaches—the other half is divided between human error and system glitches—with each breach costing an average of $3.92 million, according to a recent study by the Ponemon Institute.

With the rise of Everything as a Service (XaaS) and the Internet of Things (IoT), organizations face tremendous risks every day as they conduct business across multiple channels and devices beyond their four walls. Small and medium-sized businesses are particularly at risk due to fewer resources to put towards cyber security controls. Meanwhile, large enterprises with better resources face greater reputational risks and steeper fines from a breach.

While another layer or patch on an unwieldy suite of cyber security controls might seem like an obvious answer, any reinforcement, regardless of size, is going to be ineffective if the wall is made of sand.


The population is fleeing… with their belongings

Lost business after a breach represents over one-third of the total average cost of a breach at $1.42 million and is the biggest share of the cost, according to the Ponemon study. The study also reveals that the remaining costs often occur more than a year after the breach and are often unaccounted for. Highly regulated industries, such as healthcare and financial services, tend to have the most drawn-out process due to the depth of damage to consumer trust. It doesn’t help that, based on the same study, the response to an average breach takes nine months, including over seven months to identify it and two months to contain it. Eventually, there comes a point when the investment required to rebuild a loyal consumer base is put at huge risk by the potential of another breach.

Gartner reports that global cyber security spending is predicted to reach $170.4 billion in 2022. Mastercard believes that organizations shouldn’t sink any more money into the wrong cyber security controls. By taking a contextual and quantitative approach to analyzing risk, our approach to Cyber Security Services allows organizations to focus investments on areas that yield the greatest benefit by prioritizing actions based on expense, time, and impact. Our solutions, developed as an ongoing cycle rather than a one-off fix, continually re-evaluate risk scenarios to enable organizations to evolve with cyber crime, rather than in response to it.
