Businesses pay more to recover from a cyber attack if virtual infrastructure ends up affected during the incident.
Enterprises pay more than $800,000 on average to recover from a security breach, which is twice as much compared to incidents involving only physical infrastructure. That is one of the key findings of a 2015 Security of Virtual Infrastructure worldwide survey of 5,500 companies by Kaspersky Lab in cooperation with B2B International.
Small to medium businesses (SMBs) experience the same pattern as enterprises, the survey said. On average, SMBs reported damage of more than $26,000 for an attack on their physical infrastructure. The involvement of virtual infrastructure in a security breach however, drives the cost up to nearly $60,000.
The main reason behind the additional cost for a security breach affecting virtual environments is that a majority of businesses use virtual infrastructure for their most important operations.
In fact, 62 percent of companies use virtualization in some form. As a result, organizations are likely to entrust virtual environments with the most critical business processes. While an attack on physical nodes leads to the temporary loss of access to business critical information in 36 percent of incidents reported, this rises to 66 percent when a breach affects virtual servers and desktops. Attacks affecting virtual environments also typically require additional budget on third-party expertise. Businesses have to request help not only from IT consultants, but also lawyers, risk management experts and others.
An incorrect perception of the threat landscape is an additional element that increases the cost of recovery in virtual infrastructures. The Kaspersky Lab survey found 42 percent of businesses believe security risks in virtual environments are significantly lower than in “physical” environments. In addition, 45 percent of companies reported security management in virtual infrastructures is a problem and yet only 27 percent of businesses have deployed a security solution specifically designed for virtual environments.
“Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure,” said Matvey Voytov, corporate products group manager at Kaspersky Lab. “However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit. Our view is that businesses should use customized, virtual-aware security solutions with centralized management and reporting. The solution should have a low impact on resources, a high detection rate and the ability to spot suspicious activity right away.”
Click here to download the complete report.