On average, a single cyber-security incident now costs large American businesses $861,000. Meanwhile, small and medium businesses (SMBs) in the US pay $86,500.
In the 2016 survey released last week, Kaspersky Lab, for the first time, compared an organization’s security budget to losses incurred from serious incidents. And while businesses expect IT security budgets to grow at least 14 per cent over the next three years, there is a substantial gap between businesses of different sizes, with annual security budgets varying from just $1,000 for very small businesses to more than one million US dollars for large enterprise companies.
The study asked over 4000 representatives of small, medium and large businesses from 25 countries for their views on IT security and the real incidents they’ve dealt with. The findings show that enterprises pay a 27 percent premium if it takes them more than a week to discover an initial breach, while SMBs pay a whopping 44 percent more to recover in the same situations. This further demonstrates that reaction time post-breach directly impacts a business’ financial loss.
To estimate the total cost of recovery, respondents were asked to report their losses from the most serious security incident in different categories. Although the most frequent cost is for additional staff wages, businesses reported significant spending due to lost business opportunities, improvement in IT security, employing external specialists and hiring new staff. Enterprises spent $79K on training and $85K on external experts –19 per cent of their total loss.
The study also found:
- A third (30%) of respondents claim the physical loss of mobile devices has exposed the organization to risk.
- 14 percent of U.S. businesses have lost access to critical business information for a week.
- For one in ten (10 percent) U.S. businesses it can take up to a year to discover that a breach has occurred.
Poring through the statistics, you find the average IT security budget is “worth” about 2.5 cyber-attacks, which isn’t much when you consider US businesses faces thousands of intrusion attempts every day.
But there is a glimmer of hope. A healthy 75 percent of these businesses expect to increase their IT security spending over the next three years.
Chart Source: Kaspersky Lab