On average, a single cyber-security incident now costs large businesses US $861,000 (£652,000). Meanwhile, small and medium businesses (SMBs) pay $86,500 (£65,500).
A new study from Kaspersky Lab asked over 4000 representatives of small, medium and large businesses from 25 countries on their views on IT security and real incidents they dealt with.
The cost of recovery especially grows depending on the time of discovery. SMBs tend to pay 44 percent more to recover from attacks discovered a week or more after the initial breach when compared to attacks found within one day. Enterprises pay a 27 percent premium in the same situations.
Due to the increased complexity of IT infrastructure, businesses expect IT security budgets to grow at least 14 percent over the next year. A typical small business currently spends 18 percent of its total IT budget on security and enterprises spend 21 percent. Annual security budgets vary from just $1000 (£757) for small businesses to $1,000,000 (£758,231) for large companies.
Even though the most frequent cost is for additional staff wages, businesses reported significant spending due to lost business opportunities, improvement in IT security, employing external specialists and hiring new staff. Enterprises spend $79,000 (£60,000) on training and $85,000 (£64,500) on requesting help from external experts, which is 19 percent of the total loss.
“Based on our worldwide survey, the average IT security budget is ‘worth' just 2.5 cyber-attacks once all direct and indirect losses are taken into account. With the corporate world dealing with thousands of attacks on a daily basis, an efficient cyber-security strategy definitely pays off. Businesses understand the threat clearly: 59 percent of SMBs and 62 percent of enterprises say they will improve their security regardless of the ability to measure return,” said Vladimir Zapolyansky, head of SMB marketing at Kaspersky Lab.