Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Cyber security breach cost analysis

Kaspersky Lab UK : 01 July, 2013  (Technical Article)
Kaspersky Lab details the high costs involved in cyber attacks on small businesses and analyses the source of those costs
Cyber security breach cost analysis

£406,000 is the average cost incurred by large European companies in the wake of a cyber-attack, according to the 2013 Global Corporate IT Security Risks survey conducted by B2B International, in conjunction with Kaspersky Lab.

Any cyber-attack can cause damages for a company, but how can those damages be quantified in financial terms? In 2013, experts at B2B International calculated the damages stemming from cyber-attacks based on the results of a survey of companies around the world.

In order to get the most accurate picture of costs, B2B included only incidents that had occurred in the previous 12 months; the assessment was based on information about losses sustained as a direct result of security incidents. This comprised two main components:

* Damage resulting from the incident itself – i.e. losses stemming from critical data leakage, business continuity, and the costs associated with engaging incident remediation specialists;

* Unplanned ‘response’ costs required to prevent future, similar attacks, including hiring/training staff and hardware, software and other infrastructural updates.

Researchers did not incorporate data about some losses and expenses incurred by a comparatively small number of surveyed companies, such as costs stemming from the need to release a public statement about the incident.

After crunching the numbers, it appears that the majority of losses are caused by the incident itself. Lost opportunities and profits, as well as payments to third-party remediation specialists, average out at £368,000. “Response” expenses for hiring and training staff, as well as updating the hardware and software infrastructure adds an additional average payment of £38,000.

Interestingly, damages also varied depending on the region in which the targeted company operates, with Europe displaying a lower cost of damages than a number of other regions. For example, the largest damages were associated with incidents that involved companies operating in North America — an average of £530,000, followed closely by South America at £526,000.

The costs of a cyber-attack against small and mid-sized enterprises are lower than for large corporations. Nonetheless, considering the smaller size of these companies, the amounts still deal a significant blow. The average loss resulting from IT security incidents for mid-sized European companies came in at roughly £36,000, of which approximately £25,000 is accounted for by the incident itself, while the remaining £11,000 comes from other associated expenditures.

Looking at the global statistics, the largest average losses from cyber-attacks among small and mid-sized businesses were recorded at £62,000 for companies in Asia-Pacific. Second place went to companies in North America, with average losses of £53,000. The lowest losses from cyber-attacks were seen in Russia, at £14,000 on average.

The survey also revealed that in some cases the financial losses incurred by small companies are accompanied by other losses amounting to approximately 5 per cent of annual revenues. In one case, a company lost all of its business in a region where it had been successful prior to the incident.

A key lesson to be drawn from this study is that even the most destructive and expensive attacks could have been prevented. Attacks exploited holes in company security that could have been patched up if only the targeted corporations had used quality IT security solutions and managed IT infrastructure appropriately.

Kaspersky Endpoint Security for Business provides effective protection against all types of cyber threats, including targeted attacks. It also enables key controls such as automatic patch management and vulnerability scanning, capable of ensuring regular, consistent updates to corporate endpoints, in addition to the secure integration of mobile devices into the corporate network.

Typically, companies that have fallen prey to cyber-attacks only come to understand the importance and value of these solutions after an incident occurs – meaning additional, preventable costs. A simple comparison of the scale of expenses against the costs and damages caused by a cyber-attack shows that, in the overwhelming majority of cases, investment in quality, effective IT security would have been considerably less than the costs incurred following a breach.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo