In industry, the average cost per cyberattack is 5 million euros.
Industry & EmploymentEuropean Union
- Omissions
- The claim presents '5 million euros' as the average cost, but the closest available source (Kaspersky) frames $5 million (USD) as a damage threshold exceeded by only ~25% of industrial companies — not the average. If 75% of companies have damages below $5M, the true average is likely lower, though heavily skewed distributions could push it higher.
- Currency mismatch: the available source uses US dollars, not euros. At the time relevant to the claim, $5M ≈ €4.6M.
- Geographic scope mismatch: the Kaspersky data is global, not EU-specific. The MEP claimed this in the context of European Parliament debate, implying an EU scope that the available data does not isolate.
- No time period is specified in the claim, making precise verification impossible. Available data spans 2024–2025 publications.
- The claim refers to 'cyberattacks' broadly, while most available cost benchmarks (IBM, DeepStrike) measure 'data breaches' specifically — a narrower category that may carry different average costs than ransomware, DDoS, or other attack types.
- No primary official source (Eurostat, ENISA, ECB) publishes an 'average cost per cyberattack for EU industry' metric. The MEP cited no source.
- Sources
- SecondaryKasperskyAlmost a quarter of industrial companies report cyberattack damages exceeding $5 million. This frames $5M as a threshold exceeded by ~25% of firms, not as an average cost.
- SecondaryDeepStrikeGlobal average data breach cost: $4.44M (down from $4.88M). This is the global cross-sector average for data breaches, not cyberattacks generally, and not EU-industry specific.
- SecondaryZeroThreatCyberattacks cost firms with over 1,000 employees in the U.S. and Europe an average of more than $53,000 per incident. This illustrates the wide variance in cost definitions depending on what is measured.