The Real Cost of Cyber Incidents
What federal data shows when recovery is slow

These graphs summarize the findings in the U.S. Cybersecurity and Infrastructure Security Agency (CISA)'s reports. This connects exploited-vulnerability reality (CISA KEV) with economic impact: recovery speed is the controllable variable.
About 20% of known exploits allow for remove code execution (i.e. ransomware)
Every major operating system of a target
Per Incident Losses for SMBs could range from between $5,000 and $60,000; much more for larger organizations

Book a strategy session How DRaaS reduces downtime Download the research brief

What this page does

Exposure: KEV → getting hacked is a real possibility Money: downtime + heavy-tail loss Action: reduce downtime

KEV additions by year

KEV additions by year
View full size Download PDF Download PNG

Platform/vendor buckets

Platform/vendor buckets
View full size Download PDF Download PNG

Outcome breakdown

Outcome breakdown
View full size Download PDF Download PNG

Mean vs median (log scale)

Mean vs median (log scale)
View full size Download PDF Download PNG

So what should leaders do?

Assume disruptive events are plausible because exploitation is active.
Make recovery speed a tested number, not a guess.
Use DRaaS to reduce downtime and restore operations cleanly.

Am I At Risk?

Book a strategy session to see how fast you can expect to recover with your current setup and what changes would materially reduce downtime.

Book a strategy session What DRaaS does (plain English)

Key terms (plain English)

CISA — Cybersecurity and Infrastructure Security Agency (U.S.).

KEV — Known Exploited Vulnerabilities. Exploited in real attacks.

CVE — Common Vulnerabilities and Exposures. Vulnerability ID.

OCE — Office of the Chief Economist (CISA). Incident cost research.

RCE — Remote Code Execution. Run code remotely.

DRaaS — Disaster Recovery as a Service. Managed recovery.

Offer

Strategy session: See how fast you can expect to recover with your current setup.

Book a strategy session