Cybersecurity concerns aren’t limited to large enterprises.
According to a newly released Kaspersky Lab survey, small businesses shell out an average of $38,000 to recover from a single data breach. The amount climbs once indirect expenses and damage to reputation are taken into account.
Kaspersky Lab calculated $8,000 in indirect expenses, which included staffing, training and infrastructure upgrades designed to prevent future breaches. Losses due to brand damage were more difficult to determine. Kaspersky Lab landed on an estimate of $8,653 after factoring in consultancy expenses, lost business opportunities and the cost of PR and marketing campaigns aimed at restoring corporate image.
The release of those findings coincides with the 12th annual National Cyber Security Awareness Month. President Barack Obama designated October as a time to educate public and private organizations about the importance of data protection during a national security incident, and the Kaspersky Lab results work to underscore that importance.
“These numbers should serve as a wakeup call for both large and small businesses,” Chris Doggett, managing director of Kaspersky Lab North America, said in a statement. “IT security needs to become a more common priority for organizations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cybersecurity technology and strategies to prevent having to pay an enormous cybersecurity bill.”
Thus far, it doesn’t appear that businesses have found that motivation. The survey results show that half of IT professionals don’t list security-breach prevention among their top three IT priorities. Forty-four percent of businesses have not yet implemented anti-malware solutions.
Moving forward, a casual stance on security could be an issue for many organizations, especially considering that security breaches have become pervasive: Kaspersky Lab found that 90 percent of the 5,500 small, medium and large companies surveyed have experienced at least one security incident.
The causes of those breaches vary. Data from the Ponemon Institute’s “2015 Cost of Data Breach Study: United States” shows that 49 percent of data breaches stemmed from malicious or criminal attacks, 19 percent involved employee negligence and 32 percent were caused by system glitches.
Thankfully, policies, procedures and technologies can help mitigate risks. And according to the Ponemon Institute, incident response plans, the extensive use of encryption, CISO leadership, employee training and insurance protection can help reduce the costs of a data breach.
Of course, such factors will only benefit organizations that are willing to pump substantial time and resources into IT, but Kaspersky Lab says IT personnel need only think about the alternative to justify the investments.
“One thing is certain — the cost of a security breach is always higher than the cost of protection,” the report states. “The ability to reduce the risk and avoid the shaky path of recovery always pays off.”