With the cost of a breach rising and targeted attacks on the rise, companies that don’t take security seriously could end up taking a big financial hit, new research said.
For those companies that still say they are too obscure to suffer an attack beware: 94 percent of organizations encountered at least one cyber security incident in the past 12 months, according to a Kaspersky Lab and B2B International survey of worldwide IT professionals.
Of these incidents, the number of organizations that reported having at least one targeted attack rose substantially, with 12 percent of respondents saying they experienced at least one targeted attack in the past year. This number is up from 9 percent reported in Kaspersky Lab’s 2012 and 2013 studies.
While respondents said they experienced various external threats, targeted attacks have the potential to be the most crippling to an organization.
Damages from one successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses. This takes into account both the losses incurred by the company as a result of a targeted attack as well as the repose expenses that a company will have to take on after the incident, including the loss of business opportunities (tarnished reputation, breach of contracts resulting from the incident), investment in services and solutions to prevent additional incidents, and extra security training for IT staff and company employees.
“The survey results clearly indicate that many businesses now recognize that the threat of a targeted attack is very real and could be very harmful for their organization,” said Chris Doggett, managing director of Kaspersky Lab North America. “However, we are seeing that the number of companies that are actually taking that knowledge and turning it into an action to protect their organization from such attacks is still alarmingly low.”
While the threat of a targeted attack is prevalent for enterprises and small businesses, the Kaspersky Lab survey found that large companies in particular see targeted attacks as a major threat, with 38 percent of companies with 1,500 – 5,000 employees, and 39 percent of companies with more than 50,000 employees naming targeted attacks as their number one concern.
Mid-sized and small businesses were only moderately less concerned with 34 percent of the respondents naming protection against targeted attacks as a key priority. The survey also found organizations large and small worry about losing sensitive company data to a targeted attack. More than one-third (34 percent) of companies named the protection of confidential data (client data, financial data, and other kinds of information) against targeted attacks as a key problem for IT management teams.
“With major breaches being reported regularly now, it is critical for businesses of all sizes to make protection of their IT infrastructure their top priority, especially given the damages that arise from each successful targeted attack,” Doggett said.