A single cyber security incident now costs large businesses around $861 000 on average, while small and medium businesses (SMBs) end up paying an average of $86 500 per incident.
These are the main findings of Kaspersky Lab's report titled, "Measuring the Financial Impact of IT Security on Businesses," which is based on the 2016 Corporate IT Security Risks survey. In the report, Kaspersky Lab compared an organisation's security budget to losses incurred from serious cyber security incidents. The research shows a significant disparity between businesses of differing sizes, with annual security budget varying from just $1 000 for very small businesses to more than one million US dollars for large companies.
"Most alarmingly, is that the cost of recovery significantly increases, depending on the time of discovery. SMBs tend to pay 44% more to recover from an attack discovered a week or more after the initial breach, compared to attacks spotted within one day. Enterprises pay a 27% premium in the same circumstances," reveals the report.
Riaan Badenhorst, managing director, Kaspersky Lab Africa, says the average IT security budget is worth just 2.5 cyber attacks once all direct and indirect losses are taken into account.
"With thousands of threats attacking the corporate world every day, efficient cyber security definitely pays off. Businesses understand the threat clearly; 59% of SMBs and 62% of enterprises say they will improve their security regardless of an ability to measure return," he explains. "The survey proves that reaction time post-breach has a direct impact on financial losses. This is something that cannot be remedied via budget increases. It requires talent, intelligence and an agile attitude towards protecting one's business."
To estimate the total cost of recovery, Kaspersky Lab and B2B International asked businesses to report their losses from the most serious security incident in different categories. Although the most frequent cost is for additional staff wages, businesses reported significant spending due to lost business opportunities, improvement in IT security, employing external specialists and hiring new staff. Enterprises spend $79K on training and $85K on requesting help from external experts -19% of the total loss, notes the report.
Overall, businesses expect IT Security budgets to grow at least 14% over the next three years, due to the increased complexity of IT infrastructure. A typical small business currently spends 18% of their total IT budget on security, whereas enterprises allocate 21%.
The Global Economic Crime Survey 2016 conducted by PWC revealed that nearly a third (32%) of South African organisations have experienced cyber crime, and that the number is growing rapidly.
"Barely a day goes by without stories about breaches commanding global headlines, and SA is no different," says Guy Whitcroft, CEO at Westcon-Comstor Southern Africa. "Although SA businesses perceive themselves as being unattractive targets to global hackers, this is not the case. In fact, research by the South African Banking Risk Information Centre revealed that not only is SA losing over R1 billion each year to cyber crime, the scourge has increased by nearly 30% since 2013."
Share