SOC pays: survey

by Mark Rowe

Businesses with an internal Security Operation Centre (SOC) estimate their financial damage from a cyberattack at £548,000, or less than half the average impact cost for all enterprise-level organisations of £1.1m, a new survey from Kaspersky and B2B International suggests.

The cyber firm says that data breaches are becoming more expensive for enterprises. In 2019, this cost has risen to £1.1m, up from £900,990 the previous year, the new ‘IT security economics in 2019: how businesses are losing money and saving costs amid cyberattacks’ report by Kaspersky shows. Hence, large organisations are investing more in cyber security.

As the report shows, investing in security software and IT security professionals brings results. This is reflected in companies with an internal SOC experiencing less damage from data breaches. Enterprises can look to reduce the financial impact of a data breach by building an internal SOC, responsible for the ongoing monitoring of security events and incident response. Adopting an SOC halves monetary losses from data breaches to just £548k. There are savings for larger SMBs (with 500-plus employees) who adopt an SOC as well, with the total financial impact of a data breach for these businesses estimated at £86k.

An outsourced SOC, however, doesn’t reduce the cost of data breaches for enterprises. The survey showed that outsourcing security to a Managed Security Service Provider (MSP) may actually increase the financial impact, particularly if the company uses an under-qualified subcontractor: 23pc of companies that use an MSP experienced a financial impact of between £89k-202k, while only 19pc of businesses with an in-house IT team reported this level of damage.

Another way to keep the cost of a breach down is by hiring a DPO (data protection officer). This is an employee who is responsible for data protection strategy within a company, as well as managing compliance issues. The survey highlighted that more than one-third of organisations (34pc) with a DPO that suffered a data breach did not incur any financial loss, compared to only one-fifth (20pc) of businesses overall.

Veniamin Levtsov, VP, Corporate Business at Kaspersky says: “Establishing an internal SOC involves purchasing the necessary tools, building processes and recruiting analysts, which can be a challenge for any business. Likewise, finding a DPO, who can combine IT security and legal knowledge, is not an easy task. These require time and budgets, and security leaders often find it difficult to justify such initiatives. But as we can see, these are worthwhile investments. Of course, just having a dedicated employee or even special subdivision does not guarantee that a company will not suffer a data breach, however, it does ensure that the business is prepared for these incidents, allowing them to recover from an attack more quickly and efficiently.”


© 2024 Professional Security Magazine. All rights reserved.
