Targeted cyber attacks cost up to £1.6m

Targeted cyber attacks could cost enterprises up to £1.6m, a survey has revealed

Targeted cyber attacks could cost up to £1.6m, the 2013 Global Corporate IT Security Risks survey by B2B International and security firm Kaspersky Lab has revealed.

According to the report, £1.4m stems directly from the incident itself in losses from critical data leakages, business interruptions and expenses for remediation specialist services.

Companies face an additional bill of about £146,000 for actions taken to prevent such incidents from taking place again in the future, including updating software and hardware, and hiring and training staff.

Company losses resulting from targeted attacks on small and medium enterprises (SMEs) are lower, at around £60,000 per incident.

But considering the size of these companies, with an average of 100 to 200 employees, the blow suffered by the company is still substantial.

Of that £60,000, approximately £47,000 goes directly to incident remediation, while a further £13,000 goes to preventing similar incidents in the future.

Read more about targeted attacks

Although targeted attacks cause the highest financial costs, they are not the only kind of costly attack, accounting for only 9% of attacks in the past year, according to respondents.

Nearly a quarter of companies reported that their network infrastructures had been hacked. These incidents ran up costs of £1.1m for large companies and £48,000 for SMEs.

Intentional leaks of corporate data were suffered by 19% of companies with an average financial loss of £641,000 for large companies and £33,000 for SMEs.

Attacks exploiting common software vulnerabilities affected 39% of companies, incurring an average cost of £430,000 for corporations and £40,000 for SMEs.

Because of the wide range of attacks used by cyber criminals, Kaspersky Lab said businesses can no long rely on anti-virus systems alone.

The security firm believes a more comprehensive approach is needed. This should include proactive threat detection and whitelisting technologies that protect against previously unknown threats and malware that exploits vulnerabilities in business software.


Read more on Hackers and cybercrime prevention