Costs to Recover from an Attack: Report

Wednesday, October 7, 2015 @ 02:10 PM gHale

The average cost of a cyber attack is $551,000 for enterprises and $38,000 for small businesses, a new report said.

On top of that, 90 percent of the 5,500 companies surveyed reported at least one security incident and nearly half, 46 percent of businesses, lost sensitive data due to an internal or external security threat, according to the Kaspersky Lab and B2B International IT Security Risks Survey.


While damages from a cyber attack vary with the scope of the incident, typical expenses to address a breach include professional services (IT, risk management, lawyers), lost business opportunities and unplanned downtime. The average enterprise cyber attack bill includes:
• Professional services: up to $73,000
• Lost business opportunities: up to $58,000
• Unplanned downtime: up to $420,000
• Total: $551,000

The average bill for a small business may be less expensive on paper, but it could ultimately be a company killer. The average small business bill consists of:
• Professional services: up to $10,000
• Lost business opportunities: up to $5,000
• Downtime: up to $23,000
• Total: $38,000

In addition to typical costs that businesses experience as a result of an attack, organizations large and small will also need to address staffing, training and IT infrastructure upgrades to prevent future incidents from occurring. Those costs could be up to $69,000 for an enterprise and up to $8,000 for a small business. It is also important to factor in the reputational damage that could impact an organization as a result of a cyber attack, which could total $204,750 for an enterprise and up to $8,653 for a small business.

“Businesses have known for a long time that any cyber attack has its consequences, but the high costs associated with addressing a cyber attack after an incident occurs are quite alarming,” said Chris Doggett, managing director of Kaspersky Lab North America. “These numbers should serve as a wakeup call for both large and small businesses.”

The Kaspersky Lab IT Security Risks Survey also examined the types of security incidents that organizations most often experience. Malware attacks were the most common type of cyber attack that businesses experienced, at 24 percent. Phishing attacks and accidental data leaks by employees were reported by 10 percent of organizations that experienced at least one incident. These causes often lead to lasting consequences for businesses. The survey found the top three consequences experienced as a result of an attack include loss of access to business-critical information at 48 percent, damage to company reputation at 44 percent and temporary loss of ability to trade at 36 percent.

Even though most organizations have experienced at least one security incident, businesses are still not doing enough to protect themselves from what could be a financially crippling attack, the report said.
