The Average Cost of Fighting a Cyberattack Now Exceeds $1.1M
February 21, 2019

Shira Sagiv
Radware

Without question, cyberattacks represent a viable threat to a business' bottom line. A new report from Radware shows that security professionals estimate the average cost of a cyberattack in excess of $1.1M. For those organizations that calculate (versus estimate) the cost of an attack, that number increases to $1.67M.

The resulting business impacts? Just as alarming. 54% of Radware survey respondents report operational and productivity loss, and 43% report a negative customer experience following an effective cyberattack. What's more, almost half (45%) reported that the goal of the attacks they suffered was service disruption while another third (35%) claimed the goal was data theft.


Devastation Can Be Moments Away

Each of these impacts — singularly or in combination with one another — create a wedge between a brand and its customers. It can take years to build strong brand equity and only moments to destroy it. We see evidence of this time and again with major brands, such as Marriott, Equifax, Maersk, and more. The bottom line: Threat actors must only be successful once, but organizations must be successful in their attack mitigation 100% of the time.

It's no wonder IT professionals constantly feel pressure to increase their security posture. Yet, despite these mounting costs and business impacts, three in four have no formalized procedure to assess the business impact of a cyberattack against their organization. This becomes particularly troubling when you consider that most organizations have experienced some type of attack within the course of a year (only 7% of respondents claim not to have experienced an attack at all), with 21% reporting daily attacks, a significant rise from 13% last year.

78% of respondents hit by a cyberattack experienced service degradation or a complete outage

Not only are attacks becoming more frequent, they are also more effective: 78% of respondents hit by a cyberattack experienced service degradation or a complete outage, compared to 68% last year. Even with these numbers, 34% of respondents do not have a cybersecurity emergency response plan in place. For small-to-medium sized businesses, the outcome can be particularly severe, as these organizations typically lack sufficient protection measures and know-how.

Other key findings of the report include:

■ 43% of respondents reported negative customer experiences and reputation loss following a successful attack.

■ Data leakage and information loss remain the biggest concern to more than one-third (35%) of businesses, followed by service outages.

■ Hackers increased their usage of emerging attack vectors to bring down networks and data centers: Respondents reporting HTTPS Floods grew from 28% to 34%, reports of DNS grew from 33% to 38%, reports of burst attacks grew from 42% to 49%, and reports of bot attacks grew from 69% to 76%.

■ Application-layer attacks cause considerable damage. Two-thirds of respondents experienced application-layer DoS attacks and 34% foresee application vulnerabilities being a major concern in the coming year. More than half (56%) reported making changes and updates to their public-facing applications monthly, while the rest made updates more frequently, driving the need for automated security.

■ 86% percent of surveyed businesses indicated they explored machine-learning (ML) and artificial intelligence (AI) solutions. Almost half (48%) point at quicker response times and better security as primary drivers to explore ML-based solutions.

Understanding the impacts of a cyberattack — from productivity loss to taking a major financial hit — is essential to protecting brand affinity and remaining competitive in today's digitally driven business landscape. Once aware, security professionals and executives alike can — and must — begin to implement the necessary security solutions to safeguard their organizations, both on the balance sheet and with customers.

Shira Sagiv is Head of Product Marketing for Radware
Share this

Industry News

January 26, 2023

Ubuntu Pro, Canonical’s comprehensive subscription for secure open source and compliance, is now generally available.

January 26, 2023

Mirantis, freeing developers to create their most valuable code, today announced that it has acquired the Santa Clara, California-based Shipa to add automated application discovery, operations, security, and observability to the Lens Kubernetes Platform.

January 26, 2023

Section announced it is making it easier than ever to deploy and scale a Mastodon server; in just a few clicks, developers can use Section’s global platform to ensure a superior user experience at a fraction of the cost.

January 25, 2023

SmartBear has integrated the powerful contract testing capabilities of PactFlow with SwaggerHub.

January 25, 2023

Venafi introduced TLS Protect for Kubernetes.

January 25, 2023

Tricentis announced the general availability of Tricentis Test Automation, a cloud-based test automation solution that simplifies test creation, orchestration, and scalable test execution for easier collaboration among QA teams and their business stakeholders and faster, higher-quality, and more durable releases of web-based applications and business processes.

January 24, 2023

Harness announced the acquisition of Propelo.

January 23, 2023

Couchbase announced its Couchbase Capella Database-as-a-Service (DBaaS) offering on Azure.

January 23, 2023

Mendix and Software Improvement Group (SIG) have announced the release of Mendix Quality & Security Management (QSM), a new cybersecurity solution that provides continuous deep-dive insights into security and code quality to immediately address risks and vulnerabilities.

January 23, 2023

Trunk announces the public launch of CI Analytics.

January 23, 2023

Panaya announced a new Partnership Program in response to ongoing growth within its partner network over the past year.

January 23, 2023

Cloudian closed $60 million in new funding, bringing the company’s total funding to $233 million.

January 19, 2023

Progress announced the R1 2023 release of Progress Telerik and Progress Kendo UI.

January 19, 2023

Wallarm announced the early release of the Wallarm API Leak Management solution, an enhanced API security technology designed to help organizations identify and remediate attacks exploiting leaked API keys and secrets, while providing on-going protection against hacks in the event of a leak.

January 19, 2023

ThreatModeler launched Threat Model Marketplace, a cybersecurity asset marketplace offering pre-built, field-tested threat models to be downloaded — free for a limited time — and incorporated into new and ongoing threat modeling initiatives.