Each virus and worm incident costs UK companies an average of £122,000 - significantly higher than previously thought - according to research from user group, the Corporate IT Forum (Tif).
The estimate, based on responses from Tif’s 140 blue-chip IT users, comes after the worst year ever for worm and virus attacks, including the likes of MS Blaster/Welchia, Sobig and SQL Slammer.
Tif’s figure, based on staff time costs and losses relating to an attack, is more than four-times the estimate of £30,000 per attack published by the Department of Trade & Industry and PricewaterhouseCoopers last year.
About 75% of the companies surveyed incurred costs associated with IT department effort, financial loss or both, with an average of 365 IT staff hours wasted in dealing with an attack, the research found. In 35% of cases the whole organisation was affected, with an average of 3,080 hours incurred or lost.
"We believe that the cost of viruses and worms is much greater than originally thought," said chief executive of Tif, David Roberts. "Tif comprises organisations that spend millions of pounds every year on their IT infrastructure. Organisations with relatively poor protection will be hit even harder as they will suffer more downtime and wider business disruption, as well as getting more viruses in the first place."
Tif distributed a template for costing security incidents to its members in September, following the wave of the viruses and worms that hit in August, which was the worst month of all time, according to security software providers MessageLabs and Sophos.
The Sobig-F variant was the fastest spreading virus of all time, according to the end-of-year reports published last week.