The average cost of a security incident for large businesses is $861,000, and for SMBs is $86,500, according to new research from Kaspersky Lab. The report, Measuring the Financial Impact of IT Security on Businesses, released this week, details the financial impact of security breaches and what companies around the world are doing about it.
The report is based on the 2016 results of the annual Corporate IT Security Risks survey, conducted by Kaspersky and B2B International. The survey included 4000 respondents from different sized organizations in 25 countries.
Roughly half of businesses in the U.S. (49 percent) and globally (52 percent) assume that their IT security will be breached sooner or later. This is a recognition of reality, as 77 percent of U.S. businesses and 82 percent globally have experienced between 1 and 5 seperate data security incidents in the last year.
Over one-third of businesses (38 percent) have lost productivity to malware or viruses in the last 12 months, while 36 percent have had inappropriate IT resource used by employees, and 21 percent have experienced data loss or exposure caused by targeted attacks.
Additionally, close to 3 out of 10 companies physically lost a device containing data. Of all security incidents, 43 percent resulted in data loss or exposure of some kind, adding significantly to the high cost of incidents. The largest area of additional cost from security incidents is additional wages for IT staff.
Considering the costs breaches entail, it makes sense that SMBs are particularly concerned with security when selecting cloud hosting providers, as indicated by a recent survey. A survey of SMBs in the U.S., U.K., and Australia released late last year by Webroot suggested their cybersecurity budgets would increase by 22 percent this year.
In part because of the difference in overtime costs, fast recognition of a breach greatly reduces cost, with attacks recognized over a week later costing almost four times as much for SMBs and almost three times as much for enterprises as those recognized nearly instantly by a detection system. Shockingly, 1 in 10 U.S. businesses said it can take up to a year to discover a breach.
“The survey proves that reaction time post-breach has a direct impact on financial losses,” Vladimir Zapolyansky, Head of SMB Marketing, Kaspersky Lab said in a statement. “This is something that cannot be remedied via budget increases. It requires talent, intelligence and an agile attitude towards protecting one’s business. As a security vendor, our goal is to provide tools and intelligence for businesses of all sizes, keeping in mind the difference in ability to allocate security budgets.”
It security budgets are increasing, however, by an average of 14 percent over the next three years. Similar numbers of enterprises (48 percent) and SMBs (42 percent) see IT infrastructure complexity as a driver of security budgets. Enterprises are more impacted by hacktivism, while SMBs have a higher proportion of exploitation of mobile devices.