The severity of information security breaches experienced by organizations has jumped in the past year, according to a new study by the Computer Technology Industry Association (CompTIA). The study also found that smaller organizations were reporting slightly less severe breaches than larger organizations.
The study ranked breach severity on a scale of 1-10, with 10 being the most severe. This year, the average severity level was 4.8, a large increase from the past two years' levels of 2.3 and 2.6.
Employee productivity was most impacted by the breaches. Also affected were revenue-generating activities, legal fees, physical assets, and servers and networks.
On the positive side, InformationWeek reports the study also points out that fewer companies are experiencing breaches. Sixty-six percent of organizations surveyed said they had not had a security breach in the past 12 months, compared with 42 percent two years ago.
The study also emphasizes the internal security threat, with nearly one in four companies indicating that they have had an insider security breach or threat in the last year.