Kaspersky Lab announced a new report from Kaspersky Lab and B2B International, “IT Security: cost-center or strategic investment?” which found that this year, the cost of a cyberattack increased for enterprises in North America.
Based on a survey of over 5,000 businesses across 30 countries, the findings this year reveal that the total impact of a data breach in North America now amounts to $1.3M for enterprises (compared to $1.2M in 2016) and $117K per incident for SMBs. The results also show promising developments in the importance being placed on IT security.
Businesses are starting to view IT security as a strategic investment and the share of budgets spent on IT security is growing, reaching 18 percent compared to 16 percent in 2016. This pattern is consistent across very small businesses as well as small and medium-sized businesses. In 2016, the main reason businesses in North America wanted to increase IT security budgets was due to new business activities/expansion, but this year the increased complexity of IT infrastructure is driving budget increases.
However, while security appears to be receiving a larger proportion of the IT budget pie, the pie itself is getting smaller. For example, the average IT security budget for enterprises globally dropped from $25.5M last year to $13.7M in 2017. This is a concern for businesses, especially given the fact that – unlike IT security budgets – security breaches aren’t getting cheaper to recover from.
Raising IT security budgets on a global scale is only part of the solution, but this allows businesses to take a proactive approach and avoid costly security bills when incidents occur. The top financial loss in North America when a data breach occurs stems from additional staff wages needed for enterprises ($207K), compared to loss of business ($21K) and having to employ external professionals ($21K) for SMBs.
Additionally, the most costly cybersecurity threats to enterprise businesses are the physical loss of devices or media containing data and for SMBs, the most costly threat is targeted attacks. Businesses need to recognize these risks and ensure they have security measures in place to manage these substantial threats to their organizations.
‘’While cybersecurity incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of enterprise business division at Kaspersky Lab. “This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill.”
To help businesses with their IT security strategies, based on the industry threat landscape and specific recommendations, Kaspersky Lab introduces the Kaspersky IT Security Calculator. This business tool is an ultimate guide to the cost of IT security based on the average budgets being spent (by region, industry and company size), security measures, the major threat vectors, money losses and tips on how to avoid a compromise.