The Growing Importance of Cybersecurity and its Costs

Share:

Cybersecurity has taken on heightened awareness and is of particular concern for our network operator clients. Service providers have a dual concern – their own company cybersecurity, as well as network security for their broader network. It’s an issue that requires significant attention.

Some recent news from network security firm Kaspersky sheds some light on the financial implications for security breaches. The cost of security breaches for enterprises is on the rise but interestingly costs declined slightly for small businesses.

The survey found that the cost-per-incident for enterprises increased from $1.23 million to $1.41 million compared to last year’s survey. The firm offers a few possible reasons for the rise, including increased spending on third party experts and public relations aimed at protecting the victim’s image once an incident occurs.

The spending increase on PR likely is due to concerns stemming from “an overall tightening” of laws on disclosure. “This is particularly relevant in the case of data leaks,” Kaspersky said in a blog post. “Today, current and potential clients or partners are certain to find out about incidents, and they worry about their data potentially falling into cybercriminals’ hands. The issue is not limited to large companies: According to respondents, 36% of enterprises and 31% of small businesses ran into PR problems as a result of leaks.”

SMB Security Breach Costs
Things are different in the small business sector, however. Kaspersky found that the cost for incidents fell from $120,000 to $108,000 per incident in the group. Outlays for compensation and software and infrastructure tools all fell.

No insight is given on why expenditures are increasing for enterprises and shrinking for small businesses. It is possible that changes in disclosure laws are targeted at larger companies – thus increasing their expenditures on PR services disproportionately – or that employees of smaller companies are practicing better cyber security hygiene as time goes on.

The research also looked at the causes of security incidents. Irrespective of company size, Kaspersky found that problems most often stem from “employees’ misuse of IT resources, and infection of company devices with malware.” The example given that fits both of those categories is employees who click on an email link that installs malware.