The cost of cyberattacks just keeps climbing

Cyberattacks are going to cost companies some serious cash. The only really question is how much it will be and what steps you need to take to prepare for these devastating incidents. 

In 2014, the average cost of a cyberattack went up 23% from last year to $639,462, a report from HP and The Ponemon Institute has found. The average time to contain these attacks was also 31 days, up from 27 days last year.

There’s no standard cost or time to recovery for cyberattacks, but the report also broke down which types of incidents were most costly. Some key findings:

  • Insider threats are costly. While malicious insiders made up only 8% of the total cost of cyberattacks last year, each incident was particularly bad. The average incident cost $213,542, more than any other type of incident measured. It also took an average of 58.5 days to contain these attacks, by far the longest of any type of attack.
  • Denial of Service (DoS), web-based attacks follow. The second and third costliest attacks are web-based and DoS attacks. The average DoS sets companies back $166,545, and the average cost of a web-based attack is $116,424.
  • Frequency doesn’t necessarily mean cost. The two most frequent kinds of attacks – “viruses, worms and Trojans” and “malware” – dealt in volume, not total cost. Viruses, worms and Trojans were experienced by 98% of companies surveyed and malware hit 97%, but they only accounted for 4% and 6% of total cyberattack costs. So while these attacks were all but guaranteed, the financial fallout wasn’t too damaging.
  • Of note for users. If you’re looking for takeaways from this survey for your users, two categories will be of note. Phishing and social engineering attacks averaged $45,959 per incident and stolen devices averaged $43,565. While these weren’t the most expensive attacks, it’s an easy way to show users the costs their mistakes can have for a company.

One final note: The study broke down where the dollars from these costs went:

  • business disruption (38%)
  • information loss (35%)
  • revenue loss (22%)
  • equipment damage (4%), and
  • other (2%).

This could be helpful information to have when budgeting your security to prevent and respond to data breaches.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy