Security breaches cost businesses $US551,000 each: Kaspersky Lab

New report shows enterprise spends an average of $US551,000 to recover from security breaches

Security breaches cost enterprise an average of $US551,000, according to a report released by Kaspersky Lab.

The worldwide survey of 5500 companies also found SMBs are forced to pay $US38,000 on average in the aftermath of a cyber-attack.

Kaspersky Lab head of market intelligence, Brian Burke, said the industry had not seen too many reports estimating the consequences of IT security breaches as a loss in real money.

“It is hard to come up with a reliable method of producing an average, but we understood that we had to do it, to bridge the theory of the corporate threat landscape with business practice. As a result, we have a list of corporate threats that caused the most significant damage – the ones we believe businesses should pay the utmost attention to,” he said.

According to the report, the most expensive types of security breaches are employee fraud, cyber-espionage, network intrusion and the failure of third-party suppliers.

As part of the study, Kaspersky Lab has released a list of the average bill for a breached enterprise.

  • Professional services (IT, risk management, lawyers): up to $US84,000 with a probability of 88 per cent
  • Lost business opportunities: up to $US203,000 at 29 per cent
  • Downtime: up to $US1.4 million at 30 per cent
  • Total average: $US551,000
  • Indirect spend: up to $US69,000
  • Including reputation damage: up to $US204,750

Kaspersky said nine out of ten companies that took part in the survey reported at least one security incident. However, not all these incidents were serious and/or led to the loss of sensitive data.

The security firm said a serious security breach is most frequently the result of a malware attack, phishing, leaks of data by employees or exploited vulnerable software.

In addition, the report showed large companies pay significantly more when a security breach is the result of a trusted third-party failure. Other expensive types of breaches detailed include fraud by employees, cyber-espionage and network intrusion.

Kaspersky said SMBs tend to lose a significant amount of money on almost all types of breaches, paying a similarly high price to recover from acts of espionage, as well as DDoS and phishing attacks.