The average budget required to recover from a security breach is now $551,000 for enterprises and $38,000 for small businesses, according to Kaspersky Lab.
The average enterprise cyberattack bill includes: Professional services, up to $73,000; lost business opportunities, up to $58,000; downtime, up to $420,000. But, reputational damage that could impact an organization as a result of a cyberattack could total up to $204,750 for an enterprise and up to $8,653 for a small business.
In contrast, staffing, training and IT infrastructure upgrades to prevent future incidents from occurring cost up to $69,000 for an enterprise and up to $8,000 for a small business.
Despite the numbers, only 50% of IT professionals list prevention of security breaches as one of their three major IT concerns, even though a full 90% of companies reported at least one security incident. Nearly half, 46% of businesses, lost sensitive data due to an internal or external security threat. Yet, 44% of businesses have not implemented anti-malware solutions to prevent IT security breaches.
Simply put, the survey shows that most businesses are not doing enough to protect themselves from what could be a financially crippling cyberattack.
“Businesses have known for a long time that any cyberattack has its consequences, but the high costs associated with addressing a cyberattack after an incident occurs is quite alarming,” said Chris Doggett, managing director of Kaspersky Lab North America. “These numbers should serve as a wakeup call for both large and small businesses. IT security needs to become a more common priority for organizations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cybersecurity technology and strategies to prevent having to pay an enormous cybersecurity bill.”
The Kaspersky Lab IT Security Risks Survey also examined the types of security incidents that most often contribute to organizations having to pay a high cybersecurity bill. Malware attacks were the most common type of cyberattack that businesses experienced at 24%. Both phishing attacks and accidental data leaks by employees were experienced by 10% of organizations that experienced at least one cybersecurity incident.
These causes often lead to lasting consequences for businesses. The survey found that the top three consequences experienced as a result of a cyberattack include loss of access to business-critical information at 48%, damage to company reputation at 44% and temporary loss of ability to trade at 36%.