From the press release:
Researchers found that the typical cost of a breach was about $200,000 and that most cyber events cost companies less than 0.4 percent of their annual revenues. The $200,000 cost was roughly equivalent to a typical company's annual information security budget.
“Relative to all the other risks companies face, the cyber risks often aren't as big a deal as we think,” said Sasha Romanosky, author of the study and a policy researcher at RAND, a nonprofit research organization. “It may be bad for you if you are the victim, but it doesn't change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You can't begrudge them for working that way.”
“If it is true that on average businesses lose 5 percent of their annual revenue to fraud, and that the cost of a cyber event represents only 0.4 percent of a firm's revenues, then one may conclude that these hacks, attacks and careless behaviors represent a small fraction of the costs that firms face, and therefore only a small portion of the cost of doing business,” Romanosky said.
Given that finding — and surveys that indicate consumers are mostly satisfied with the ways companies respond to data breaches — he says that businesses “lack a strong incentive to increase their investment in data security and privacy protection.” Moreover, if their losses are not out of line with other costs, he said, “maybe the firms are already doing the right thing,” making government policies to induce more precautions unnecessary.
So, cheer up! There isn't really any significant problem here. Unless you happen to be a consumer, but hey, if the current ones get damaged, there are always plenty more where they came from...