OREANDA-NEWS. October 09, 2015. Most organizations have experienced a cyberattack, and the Kaspersky Lab and B2B International IT Security Risks Survey found that the average cost of these attacks is \\$551,000 for enterprises and \\$38,000 for small businesses. These costly attacks are now almost routine with 90 percent of the 5,500 companies surveyed reporting at least one security incident and nearly half, 46 percent of businesses, lost sensitive data due to an internal or external security threat.

An Average Cyberattack Bill                                             

While damages from a cyberattack vary with the scope of the incident, typical expenses to address a breach include professional services (IT, risk management, lawyers), lost business opportunities and downtime. The average enterprise cyberattack bill includes:

  • Professional services: up to \\$73,000
  • Lost business opportunities: up to \\$58,000
  • Downtime: up to \\$420,000
  • Total: \\$551,000

The average cybersecurity bill for a small business that experiences an attack may be less expensive on paper; however, it may be crippling for organizations that are typically time and resource starved. The average small business cyberattack bill is comprised of:

  • Professional services: up to \\$10,000
  • Lost business opportunities: up to \\$5,000
  • Downtime: up to \\$23,000
  • Total: \\$38,000

In addition to typical costs that businesses experience as a result of a cyberattack, organizations both large and small will also need to address staffing, training and IT infrastructure upgrades to prevent future incidents from occurring. Those costs could be up to \\$69,000 for an enterprise and up to \\$8,000 for a small business. It is also important to factor in the reputational damage that could impact an organization as a result of a cyberattack, which could total up to \\$204,750 for an enterprise and up to \\$8,653 for a small business.

“Businesses have known for a long time that any cyberattack has its consequences, but the high costs associated with addressing a cyberattack after an incident occurs is quite alarming,” said Chris Doggett, managing director of Kaspersky Lab North America. “These numbers should serve as a wakeup call for both large and small businesses. IT security needs to become a more common priority for organizations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cybersecurity technology and strategies to prevent having to pay an enormous cybersecurity bill.”

Causes and Consequences of a Cyberattack

The Kaspersky Lab IT Security Risks Survey also examined the types of security incidents that most often contribute to organizations having to pay a high cybersecurity bill. Malware attacks were the most common type of cyberattack that businesses experienced at 24 percent. Both phishing attacks and accidental data leaks by employees were experienced by 10 percent of organizations that experienced at least one cybersecurity incident. These causes often lead to lasting consequences for businesses. The survey found that the top three consequences experienced as a result of a cyberattack include loss of access to business-critical information at 48 percent, damage to company reputation at44 percent and temporary loss of ability to trade at 36 percent.

A High Number of Incidents Not Impacting Security Adoption

Unfortunately, even though most organizations have experienced at least one cybersecurity incident, many businesses are not doing enough to protect themselves from what could be a financially crippling cyberattack. Only 50 percent of IT professionals surveyed list prevention of security breaches as one of their three major IT concerns and 44 percent of businesses have not implemented anti-malware solutions to prevent IT security breaches.

To help prevent organizations from experiencing a costly cybersecurity incident, Kaspersky Endpoint Security for Business provides reliable protection against known, unknown and advanced cyberthreats. Kaspersky Lab’s flagship product for business combines the ease of centralized deployment, management and control over all devices connected to the corporate network together with multi-layered protection against known, unknown and advanced cyberthreats. With features such as security and mobile device management, system and patch management, and encryption, IT administrators can easily secure their organization, detect vulnerabilities, identify unpatched applications, and install and administer security policies across their entire corporate network. To learn more about Kaspersky Endpoint Security for Business, please visit: http://usa.kaspersky.com/business-security

For small businesses looking to better combat costly cyberattacks, Kaspersky Small Office Security is a solution specifically designed to protect the IT infrastructure of small businesses. The solution’s components can protect Windows devices (both servers and workstations), as well as OS X and Android devices. The cloud-based console can be used to protect the entire IT infrastructure from any location. The solution is designed to enable even non-IT professionals to effectively control the company’s IT security system. To learn more about Kaspersky Small Office Security, please visit: http://usa.kaspersky.com/small-office-security