May 28, 2018 by Jason Contant
North America is the most expensive location for a small and medium-sized business (SMB) to suffer a data breach, with SMBs in Canada and the United States also having the highest recovery cost, according to a new study.
This year’s annual Kaspersky Lab Corporate IT Security Risks survey, On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives, had a total of 6,614 respondents from 29 countries, including Canada. It found that the average cost of a breach in North America has reached US$1.6 million, up 23% from US$1.3 million in 2017. SMBs in Canada and the U.S. also have the highest recovery cost, at US$149,000 on average (up 27% from US$117,000 last year).
Rob Cataldo, vice president of enterprise sales at Kaspersky Lab North America, told Canadian Underwriter Friday that across the board, there are many components of cyberattack recovery that are more costly in North America than in other regions, which may be due to the higher cost of doing business in the region.
However, there are also a few “strategic impacts” that drive the cost of a data breach well beyond that of other regions, Cataldo said. “For SMBs in North America, employing external professionals is one of the priciest outcomes of a security breach, and a cost that also increased significantly over the last year,” he said. “This may reflect the region’s growing need for qualified cybersecurity experts and the impact of the IT security skills gap.”
SMBs saw significantly higher costs stemming from factors like employee training and extra PR to repair brand damage, Cataldo noted. There’s also a new growing factor contributing to the rising costs of data breach in North America: penalties and fines behind existing and new data security regulations such as the General Data Protection Regulation, which just came into effect in the European Union.
The percentage of the IT budget being spent on cybersecurity also increased significantly in the last year (SMB security budgets have grown from US$201,000 in 2017 to US$246,000 in 2018; very small businesses have seen average budgets raised from US$2,400 to US$3,900 over the 12 months, “proving that even the smallest of businesses are now taking IT security seriously.”)
“While it may seem expensive to invest in security in the short term, proactively increasing security spending on the right solutions could allow businesses to avoid higher recovery costs in the long run,” Cataldo said.
Last week, new managing general agent (MGA) Boxx Insurance launched its flagship product Cyberboxx for SMBs. Available exclusively through brokers, the product focuses on the needs of smaller organizations that probably do not have an IT specialist, let alone an entire cybersecurity team to monitor and identify potential intrusions, Boxx Insurance CEO and co-founder Vishal Kundi told Canadian Underwriter.