The average budget required to recover from a security breach is $551,000 for enterprises, and $38,000 for small and medium businesses, according to a new report by the IT security product company Kaspersky Lab. Based on a worldwide survey of 5,500 companies done with B2B International, the survey concluded the most expensive types of security breach are employee fraud, cyber-espionage, network intrusion and the failure of third party suppliers.
Nine out of ten companies that took part in the survey reported at least one security incident, but not all were serious and/or lead to the loss of sensitive data. Results show most frequently breaches were the result of a malware attack, phishing, leaks of data by employees and vulnerable software which had been exploited.
Cost estimations provide a new perspective on the severity of IT security incidents and the findings show the outlook for SMBs and enterprises is slightly different. Large companies pay significantly more when a security breach is the result of a trusted third party failure. Other expensive types of breaches include fraud by employees, cyber-espionage and network intrusion.
By comparison, SMBs tend to lose a significant amount of money on almost all types of breach, paying a similar high price on recovering from acts of espionage as well as DDoS and phishing attacks.
Brian Burke, Head of Market Intelligence Team, Kaspersky Lab, said: “We haven’t seen too many reports on the consequences of IT security breaches, estimating a loss in real money. It’s hard to come up with a reliable method of producing an average, but we understood we had to do it to bridge the theory of the corporate threat landscape with business practice. As a result, we have a list of corporate threats that caused the most significant damage – the ones we believe businesses should pay the utmost attention to.”
The methods used for this survey relied on data from previous years to pinpoint areas where companies have to spend money following a breach, or lose money as a result of a breach. Typically businesses have to spend more on professional services (such as external IT experts, lawyers, consultants), and earn less thanks to lost business opportunities and downtime. Visit https://securelist.com/.
