Security

The cost of cyber-attacks and other digital security ills

Big companies and SMBs are paying dearly for cyber-attacks and security breaches. Of all the various types of incident, security failures by third party suppliers are by far the most expensive.

09 Dec. 2015 Konstantin Pfliegl

Costs in the millions

So-teuer-kommen-Hackerattacken-01
Cyber-attacks and their downstream costs: a multi-million-dollar millstone for business (Photo: Brian Senic / Shutterstock.com)

Companies that fall victim to cyber-attacks can expect major indirect costs in terms of IT outages, money paid to external experts for help with recovery, and lost business opportunities.

Of all the various types of security incident, failures by third party suppliers are by far the most expensive. On average, the total financial impact of cyber-attacks perpetrated via supplier networks and data theft is more than USD 3 million for large enterprises, and just shy of USD 70,000 for SMBs. Similarly, enterprises shell out an average of USD 1.3 million for employee fraud, and about USD 1.1 million for cyber espionage.

These figures come from a recent study by Kaspersky entitled “Damage Control: The Cost of Security Breaches.” Kaspersky Lab surveyed more than 5,500 companies of various sizes worldwide, asking their top managers and IT professionals about the type and amount of losses they experienced as a result of security breaches.

One of the more interesting things to emerge from the study is that many businesses are wary of the cloud, with more than a third of the companies surveyed indicating a lack of trust in software-as-a-service offerings provided by third party suppliers.

Supply chains a data security weak point

Corporate supply chains are still too big and tempting a target for cyber criminals. For example, by attacking a single payments provider, a hacker stands to harvest the payment information of multiple companies. The pay-off for attacking a logistics provider is similarly massive. 18 percent of the companies surveyed attributed cyber security incidents to failures by external providers.

Part of the solution to this problem is to implement rigorous data access policies for internal and external users. “First up, companies need to define access rights for different areas within their corporate networks. This should, for example, involve restricting access by third party providers to company data resources. Furthermore, companies should make sure they have in-depth information on their suppliers’ IT security systems and define interaction rules that serve the interests not just of efficiency and flexibility, but security as well,” explains Holger Suhl, Kaspersky Lab’s General Manager DACH.

Data security is also high on the agenda at the upcoming CeBIT. Among much else, the show will profile the latest solutions for maximizing the security of IoT applications. The data security showcase at CeBIT 2016 will be clustered in Hall 6.

The full Kaspersky study can be downloaded in PDF format from the Kaspersky website.

Security CEBIT RSS Feed