According to the report, £1.4m stems directly from the incident itself, in losses from critical data leakages, business interruptions and expenses for specialist remediation services.
Companies face an additional bill of about £146,000 for actions taken to prevent such incidents from taking place again in the future, including updating software and hardware, and hiring and training staff.
Company losses resulting from targeted attacks on small and medium enterprises (SMEs) are lower, at around £60,000 per incident.
But considering the size of these companies, with an average of 100 to 200 employees, the blow suffered by the company is still substantial.
Of that £60,000, approximately £47,000 goes directly to incident remediation, while a further £13,000 goes to preventing similar incidents in the future.
Although targeted attacks cause the highest financial costs, they are not the only kind of costly attack, accounting for only 9% of attacks in the past year, according to respondents.
Nearly a quarter of companies reported that their network infrastructures had been hacked. These incidents ran up costs of £1.1m for large companies and £48,000 for SMEs.
Intentional leaks of corporate data were suffered by 19% of companies with an average financial loss of £641,000 for large companies and £33,000 for SMEs.
Attacks exploiting common software vulnerabilities affected 39% of companies, incurring an average cost of £430,000 for corporations and £40,000 for SMEs.
Because of the wide range of attacks used by cyber criminals, Kaspersky Lab said businesses can no longer rely on anti-virus systems alone.
The security firm believes a more comprehensive approach is needed. This should include proactive threat detection and whitelisting technologies that protect against previously unknown threats and malware that exploits vulnerabilities in business software.