A DDoS attack on a company’s online resources might cause considerable losses – with average figures ranging from $52,000 to $444,000 depending on the size of the company. For many organizations, these expenses have a serious impact on the balance sheet as well as harming the company’s reputation due to loss of access to online resources for partners and customers.
The total costs reflect several problems. According to a study by Kaspersky Lab and B2B International, 61% of DDoS victims temporarily lost access to critical business information, 38% of companies were unable to carry out their core business, and 33% of respondents reported the loss of business opportunities and contracts.
In 29% of DDoS incidents, a successful attack had a negative impact on the company’s credit rating while in 26% of cases it prompted an increase in insurance premiums.
The experts included the costs of remediating the consequences of an incident when calculating the average sum. For example, 65% of companies consulted with IT security specialists, 49% of firms paid to modify their IT infrastructure, 46% of victims had to turn to their lawyers and 41% turned to risk managers. And these are only the most common expenses.
Information about DDoS attacks and subsequent disruption to the business often becomes public, adding to the risks. 72% of victims disclosed information about a DDoS attack on their resources.
Specifically, 43% of respondents told their customers about an incident, 36% reported to representatives of a regulatory authority and 26% spoke to the media. 38% of companies suffered reputational loss as a result of a DDoS attack, and almost one in three affected organizations had to seek the assistance of corporate image consultant.
Bill Barry, Executive Vice President, Nexusguard, comments: “The findings in this report show that many businesses are still adopting a reactive approach to DDoS protection – with 65% hiring IT consultants and 49% spending on software and infrastructure reactively in light of an attack. The fact is that DDoS attacks are becoming more effective and easier to deploy. The methods used by DDoS networks to locate vulnerabilities within security systems are both sophisticated and automated.”
“Leveraging zero-day and zero-plus vulnerabilities in unprotected networks means that they are able to recruit and add infected computers to their attack army at an ever-alarming rate. This increased rate of botnet recruitment not only gives the attacker a flexible arsenal of attacks for causing mayhem, but increases the overall effectiveness and success rate of each attack,” Barry added.
The complete report is available here.