On average, a single cybersecurity incident now costs large businesses a total of $861,000. Meanwhile, SMBs pay an average of $86,500. To assess the state of the security landscape in the U.S. and across the world, Kaspersky Lab looked at the attitudes toward security, the cost of data breaches and the losses incurred from incidents.
Cost of recovery vs. time needed to discover a security breach, for SMBs
According to a new Kaspersky Lab survey, nearly half (49 percent) of U.S. businesses, and over half globally (52 percent), assume that their IT security will be compromised at some point. Although businesses may not want to admit it, the research uncovers that many companies have already experienced security threats.
Over the past 12 months, more than a third (34 percent) of U.S. businesses have been affected by viruses and malware causing a loss of productivity and 32 percent have experienced inappropriate IT resource use by employees. When asked about the number of breaches that they have experienced over the past 12 months, 77 percent of U.S. businesses admitted that they have suffered between one and five separate incidents of data loss, leakage or exposure (compared to 82 percent globally).
Although the most frequent cost of a cyberattack is due to the need for additional staff wages, businesses reported significant spending due to lost business opportunities and improvement in IT security. Some major findings from the survey include:
- 27 percent of companies in the U.S. admitted that they have experienced the physical loss of devices or media containing data.
- A third (30 percent) of respondents claim the physical loss of mobile devices has exposed the organization to risk.
- 14 percent of U.S. businesses have lost access to critical business information for a week (compared to 10 percent of businesses globally), with 13 percent being prevented from trading completely for more than one week.
- For one in ten (10 percent) U.S. businesses it can take up to a year to discover that a breach has occurred.
Cost of recovery for SMBs
This lack of awareness and preparation is alarming for what nearly half of U.S. businesses see as an inevitable consequence of the complex technology landscape. Currently 73 percent of companies surveyed in the U.S. say that they are spending less than 20 percent of their IT budget on security.
As more and more businesses begin to fear the financial, operational and reputational losses as the result of a cyberattack, more emphasis is being placed on IT security plans to protect the platforms and infrastructures they depend on. This change of perception has seemingly affected three quarters of the respondents in the U.S. (75 percent) who expect to increase their IT security spending over the next three years.