The Average Cost of Fighting a Cyberattack Now Exceeds $1.1M
February 21, 2019

Shira Sagiv
Radware

Without question, cyberattacks represent a viable threat to a business' bottom line. A new report from Radware shows that security professionals estimate the average cost of a cyberattack in excess of $1.1M. For those organizations that calculate (versus estimate) the cost of an attack, that number increases to $1.67M.

The resulting business impacts? Just as alarming. 54% of Radware survey respondents report operational and productivity loss, and 43% report a negative customer experience following an effective cyberattack. What's more, almost half (45%) reported that the goal of the attacks they suffered was service disruption while another third (35%) claimed the goal was data theft.


Devastation Can Be Moments Away

Each of these impacts — singularly or in combination with one another — create a wedge between a brand and its customers. It can take years to build strong brand equity and only moments to destroy it. We see evidence of this time and again with major brands, such as Marriott, Equifax, Maersk, and more. The bottom line: Threat actors must only be successful once, but organizations must be successful in their attack mitigation 100% of the time.

It's no wonder IT professionals constantly feel pressure to increase their security posture. Yet, despite these mounting costs and business impacts, three in four have no formalized procedure to assess the business impact of a cyberattack against their organization. This becomes particularly troubling when you consider that most organizations have experienced some type of attack within the course of a year (only 7% of respondents claim not to have experienced an attack at all), with 21% reporting daily attacks, a significant rise from 13% last year.

78% of respondents hit by a cyberattack experienced service degradation or a complete outage

Not only are attacks becoming more frequent, they are also more effective: 78% of respondents hit by a cyberattack experienced service degradation or a complete outage, compared to 68% last year. Even with these numbers, 34% of respondents do not have a cybersecurity emergency response plan in place. For small-to-medium sized businesses, the outcome can be particularly severe, as these organizations typically lack sufficient protection measures and know-how.

Other key findings of the report include:

■ 43% of respondents reported negative customer experiences and reputation loss following a successful attack.

■ Data leakage and information loss remain the biggest concern to more than one-third (35%) of businesses, followed by service outages.

■ Hackers increased their usage of emerging attack vectors to bring down networks and data centers: Respondents reporting HTTPS Floods grew from 28% to 34%, reports of DNS grew from 33% to 38%, reports of burst attacks grew from 42% to 49%, and reports of bot attacks grew from 69% to 76%.

■ Application-layer attacks cause considerable damage. Two-thirds of respondents experienced application-layer DoS attacks and 34% foresee application vulnerabilities being a major concern in the coming year. More than half (56%) reported making changes and updates to their public-facing applications monthly, while the rest made updates more frequently, driving the need for automated security.

■ 86% percent of surveyed businesses indicated they explored machine-learning (ML) and artificial intelligence (AI) solutions. Almost half (48%) point at quicker response times and better security as primary drivers to explore ML-based solutions.

Understanding the impacts of a cyberattack — from productivity loss to taking a major financial hit — is essential to protecting brand affinity and remaining competitive in today's digitally driven business landscape. Once aware, security professionals and executives alike can — and must — begin to implement the necessary security solutions to safeguard their organizations, both on the balance sheet and with customers.

Shira Sagiv is Head of Product Marketing for Radware
Share this

Industry News

October 21, 2020

Conducto is launching a toolkit for simplifying complex CI/CD and data science pipelines, having raised $3 million in seed funding led by Jump Capital.

October 21, 2020

Snyk Intel vulnerability database will be integrated into IBM Cloud security capabilities to enhance security for enterprise workloads.

October 21, 2020

Accurics announced $20 million across seed and series A financing raised in the past six months, with Intel Capital leading the Series A and ClearSky leading the seed.

October 20, 2020

Splunk announced the Splunk Observability Suite, the most comprehensive and powerful combination of monitoring, investigation, and troubleshooting solutions designed to help organizations become cloud-ready and accelerate their digital transformation.

October 20, 2020

Tricentis announced Vision AI, the core technology that will now power Tosca.

October 20, 2020

MuseDev has extended its code analysis platform to deliver bug reports via Github's code scanning UI.

October 20, 2020

Digital Shadows announced the ability to detect exposed access keys.

October 19, 2020

StackRox and Robin.io announced a new partnership bringing together Robin’s application-focused approach to Kubernetes data management with StackRox’s Kubernetes-native security and compliance capabilities.

October 19, 2020

PubNub announced new Chat UI Kits to streamline chat development.

October 19, 2020

Secure Code Warrior announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.

October 15, 2020

Couchbase announced version 2.8 of Couchbase Lite and Couchbase Sync Gateway for mobile and edge computing applications.

October 15, 2020

Kong unveiled the private beta release of Kong Konnect, a full-stack platform for cloud native applications delivered as a service.

October 15, 2020

Sonatype unveiled the Advanced Development Pack.

October 14, 2020

JFrog announced the general availability of a free subscription of its universal, hybrid and multi-cloud DevOps Platform, including industry-leading DevSecOps capabilities offered at no cost.

October 14, 2020

ServiceNow  announced four new external DevOps integrations with Continuous Improvement/Continues Delivery (CI/CD) toolsets.