The average cost of a cyberattack is more than half a million United States dollars for enterprises, according to a survey from Kaspersky Lab released on Wednesday.
The report, "Damage control: The cost of security breaches," from Kaspersky Lab and B2B International, found that the average cost of a cyberattack was US$551,000 for enterprises and US$38,000 for small businesses. “These costly attacks are now almost routine with 90% of the 5,500 companies surveyed reporting at least one security incident and nearly half, 46% of businesses, lost sensitive data due to an internal or external security threat,” Kaspersky said in a press release.
While damages from a cyberattack vary with the scope of the incident, typical expenses to address a breach include professional services (IT, risk management, lawyers), lost business opportunities and downtime. The average enterprise cyberattack bill includes up to US$73,000 for professional services, up to US$58,000 for lost business opportunities and up to US$420,000 for downtime.
While the average cybersecurity bill for a small business that experiences an attack may be less expensive on paper, it may be crippling for organizations that are typically time- and resource-starved, Kaspersky warned. For a small business, the bill could include up to US$10,000 for professional services, up to US$5,000 for lost business opportunities and up to US$23,000 for downtime.
In addition to typical costs that businesses experience as a result of a cyberattack, organizations both large and small need to address staffing, training and IT infrastructure upgrades to prevent future incidents from occurring. Those costs could be up to US$69,000 for an enterprise and up to US$8,000 for a small business, the release noted.
It is also important to factor in the reputational damage that could impact an organization as a result of a cyberattack, which could total up to US$204,750 for an enterprise and up to US$8,653 for a small business.
“Businesses have known for a long time that any cyberattack has its consequences, but the high costs associated with addressing a cyberattack after an incident occurs is quite alarming,” said Chris Doggett, managing director of Kaspersky Lab North America, in the release. “These numbers should serve as a wakeup call for both large and small businesses. IT security needs to become a more common priority for organizations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cybersecurity technology and strategies to prevent having to pay an enormous cybersecurity bill.”
The report found that malware attacks were the most common type of cyberattack that businesses experienced, at 24%. Both phishing attacks and accidental data leaks by employees were experienced by 10% of organizations that experienced at least one cybersecurity incident. The survey found that the top three consequences experienced as a result of a cyberattack include loss of access to business-critical information at 48%, damage to company reputation at 44% and temporary loss of ability to trade at 36%.
Although most organizations report experiencing at least one cybersecurity incident, only 50% of IT professionals surveyed listed prevention of security breaches as one of their three major IT concerns and 44% of businesses had not implemented anti-malware solutions to prevent IT security breaches.