Cybersecurity survey counts the costs of a security breach
By Ryan Noik 6 August 2013 | Categories: newsIt should come as little surprise that the cost of a cyber-security breach within a company is high – and now, a new survey puts an actual number to it - $649 000 (R6.3 million).
This, apparently, is the average cost incurred by large companies in the wake of attack, according to the 2013 Global Corporate IT Security Risks survey conducted by B2B International, in conjunction with Kaspersky Lab.
The survey sought to ask and answer the question how the damages caused by a cyberattack could be quantified in monetary terms. To this end, B2B included only incidents that had occurred in the previous year and the assessment was based on information about losses sustained as a direct result of security incidents.
The financial costs were based on damage resulting from the incident itself, such as losses stemming from critical data leakage, and interruptions to business continuity. Also factored in was the unplanned ‘response’ costs required to prevent future, similar attacks, including hiring and training staff, and hardware, software and other infrastructural updates.
The bigger they are..
Perhaps not too surprising is that the greatest portion of the losses came from the security breach itself, through lost opportunities and profits, along with the cost associated with employing third-party remediation specialists, with both these expenses averaging $566 000 (R5.5 million)
Expenses related to responding to the event after the fact , such as hiring and training staff, as well as updating the hardware and software infrastructure, added an additional average cost of $83 000 (R813 000) to that tally.
Interestingly enough, the survey also found that damages varied depending on the region in which the targeted company resided. North American based companies reported the largest financial ‘hit’ from a cyber-security attack, with an average expense of $818 000. This was in contrast to Europe, which fared a little better, with companies based their reporting an average loss of $627 000.
Small amounts, large consequences
While large companies are certainly popular targets for cybercriminals, small businesses are not entirely shielded either, and can suffer significant loss as well.
According to the survey, while the costs of a cyberattack against small and mid-sized enterprises are considerably lower than for large corporations, when they do occur, these losses deal a significant blow. The average loss resulting from IT security incidents for mid-sized companies was reported as approximately $50 000 (R490 000), of which about $36 000 (R353 000) was accounted for by the incident itself, while the remaining $14 000 (R137 000) came from other associated expenditures.
The survey also revealed that in some cases the financial losses incurred by small companies are accompanied by other losses amounting to around 5% of its annual revenues.
To the point
The conclusion of the survey is a largely obvious one – that the best and least expensive way to handle one’s security being compromised is to prevent it from occurring from the outset.
Kaspersky Lab noted that cyberattacks routinely exploited holes in a company’s security - and pointed out that these could have been patched up if the targeted corporations had “used quality IT security solutions and managed IT infrastructure appropriately.”
The other problem, it added, is that typically companies that have fallen prey to cyberattacks only come to understand the importance and value of these solutions after an incident occurs – meaning additional, preventable costs. It stressed that, in the overwhelming majority of cases, investment in quality, effective IT security would have been considerably less than the costs incurred following a breach.
In other words, the phrase ‘being forewarned is being forearmed’ certainly applies here. Considering just how much of an issue cyber-security has become in our world, a little bit (or a lot) of cyber-security insurance seems as common sense as putting a lock on one’s front door.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?