IT disaster recovery, cloud computing and information security news

Daisy

How much does it cost to recover from an average security breach?

The average budget required to recover from a security breach is $551,000 USD for large enterprises, and $38,000 for small and medium businesses (SMBS) according to a new report by Kaspersky Lab. Based on a worldwide survey of 5,500 companies conducted in cooperation with B2B International, the survey concluded the most expensive types of security breach are employee fraud, cyber-espionage, network intrusion and the failure of third party suppliers.

Nine out of ten companies that took part in the survey reported at least one security incident, but not all were serious or had led to the loss of sensitive data. Results show that breaches were most frequently the result of a malware attack, phishing, leaks of data by employees and vulnerable software which had been exploited.

Cost estimations provide a new perspective on the severity of IT security incidents and the findings show the outlook for SMBs and enterprises is slightly different. Large companies pay significantly more when a security breach is the result of a trusted third party failure. Other expensive types of breaches include fraud by employees, cyber-espionage and network intrusion. By comparison, SMBs tend to lose a significant amount of money on almost all types of breach, paying a similar high price on recovering from acts of espionage as well as DDoS and phishing attacks.

The average enterprise bill and probability of some of the consequences break down as follows:

 

Cost (USD)

Probability of consequence

Professional services (IT, risk management, lawyers)

Up to $84,000

N/a

Lost business opportunities

Up to $203,000

29 percent

Downtime

Up to $1,400,000

30 percent

Indirect spend on staffing, training and infrastructure upgrades

Up to $69,000 for enterprises
(Up to $8,000 for SMBs)

N/a

Reputation damage

Up to $204,750

N/a

The methods used for this survey relied on data from previous years to pinpoint areas where companies have to spend money following a breach, or lose money as a result of a breach. Typically businesses have to spend more on professional services (such as external IT experts, lawyers, consultants, etc.), and earn less thanks to lost business opportunities and downtime.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.