A single cybersecurity incident now costs large businesses US $861,000, while small and medium enterprises (SMEs) end up paying US $86,500 for such breaches, according to Kaspersky Lab’s new report titled “Measuring the Financial Impact of IT Security on Businesses”.
The cost of recovery increases significantly depending on the time of discovery. SMEs tend to pay 44% more to recover from an attack discovered a week or earlier after the initial breach, compared to attacks spotted within one day, while large corporates pay a 27% premium in the same circumstances.
Kaspersky Lab’s “Measuring the Financial Impact of IT Security on Businesses” is based on the 2016 Corporate IT Security Risks survey.
In the report, Kaspersky Lab compared an organization’s security budget to losses incurred from serious incidents. Overall, businesses expect IT security budgets to grow at least 14% over the next three years, due to the increased complexity of IT infrastructure. A typical SME currently spends 18% of its total IT budget on security, whereas large enterprises allocate 21% of the budget. The research shows a significant disparity between businesses of differing sizes, with annual security budgets varying from just US $1,000 for very small businesses to more than US $1 million for large corporates.
To estimate the total cost of recovery, Kaspersky Lab and B2B International asked businesses to report their losses from the most serious security incident in different categories. Although the most frequent cost is for additional staff wages, businesses reported significant spending due to lost business opportunities, improvement in IT security, employing external specialists and hiring new staff. Large enterprises spend US $79,000 on training and US $85,000 on requesting help from external experts, which translates to 19% of the total loss.
“Based on our worldwide survey, the average IT Security budget is ‘worth’ just 2.5 cyberattacks once all direct and indirect losses are taken into account. With thousands of threats attacking the corporate world every day, efficient cybersecurity definitely pays off. Businesses understand the threat clearly; 59% of SMEs and 62% of enterprises say they will improve their security regardless of an ability to measure return,” comments Vladimir Zapolyansky, Head of SME Marketing, Kaspersky Lab.
“However, the survey proves that reaction time post-breach has a direct impact on financial losses. This is something that cannot be remedied via budget increases. It requires talent, intelligence and an agile attitude towards protecting one’s business. As a security vendor, our goal is to provide tools and intelligence for businesses of all sizes, keeping in mind the difference in ability to allocate security budgets,” adds Zapolyansky.
The “Measuring the Financial Impact of IT Security on Businesses” report is available for download.