Security breaches cost enterprises an average of $US551,000, according to a report released by Kaspersky Lab.
The worldwide survey of 5,500 companies also found SMBs are forced to pay $US38,000 on average in the aftermath of a cyber-attack.
Kaspersky Lab head of market intelligence, Brian Burke, said the industry had not seen many reports on the consequences of IT security breaches that estimate the loss in real money.
“It is hard to come up with a reliable method of producing an average, but we understood that we had to do it, to bridge the theory of the corporate threat landscape with business practice. As a result, we have a list of corporate threats that caused the most significant damage – the ones we believe businesses should pay the utmost attention to,” he said.
According to the report, the most expensive types of security breaches are employee fraud, cyber-espionage, network intrusion and the failure of third-party suppliers.
As part of the study, Kaspersky Lab has released a breakdown of the average bill for a breached enterprise.
- Professional services (IT, risk management, lawyers): up to $US84,000 with a probability of 88 per cent
- Lost business opportunities: up to $US203,000 at 29 per cent
- Downtime: up to $US1.4 million at 30 per cent
- Total average: $US551,000
- Indirect spend: up to $US69,000
- Including reputation damage: up to $US204,750
Kaspersky said nine out of ten companies that took part in the survey reported at least one security incident. However, not all of these incidents were serious or led to the loss of sensitive data.
The security firm said a serious security breach is most frequently the result of a malware attack, phishing, leaks of data by employees or the exploitation of vulnerable software.
In addition, the report showed large companies pay significantly more when a security breach is the result of a trusted third-party failure. Other expensive types of breaches detailed include fraud by employees, cyber-espionage and network intrusion.
Kaspersky said SMBs tend to lose a significant amount of money on almost all types of breaches, paying a similarly high price to recover from acts of espionage as well as DDoS and phishing attacks.