By Daniel Hunter
A successful targeted attack against a large company can cause damages of up to £1.6 million. This is according to B2B International which, along with Kaspersky Lab, conducted the 2013 Global Corporate IT Security Risks survey this spring.
Targeted attacks are one of the most dangerous types of cyber threats, as professional cybercriminals are typically involved in their preparation and launch. These criminals have substantial financial resources and extensive expertise in IT.
Furthermore, the end goals of these attacks are typically secret or confidential information from a specific company. Leakage of this data could lead to significant losses.
Just how big can these losses be? According to the data collected by B2B International analysts, on average these incidents cost a company up to £1.6 million, of which approximately £1.4 million stems directly from the incident itself in the form of losses from critical data leakages, business interruptions, and expenses for remediation specialist services (lawyers, IT security professionals, etc.).
Companies face an approximate additional £145,872 bill for actions taken to prevent such incidents from taking place again in the future – updating software and hardware, and hiring and training staff.
Company losses resulting from targeted attacks on SMEs (Small and Medium Enterprises) are noticeably lower, at approximately £60,000 per incident, but considering the size of these companies (with an average of about 100-200 employees), the blow suffered by the company is still substantial. Of that £60,000, approximately £47,000 goes directly to incident remediation, while another £13,000 goes toward preventing similar incidents in the future.
Although targeted attacks cause the highest financial costs, they are not the only kind of attack — indeed, at present, they are not even the most common threat companies face. About 9% of respondents noted that their companies had been subjected to a targeted attack over the previous 12 months.
A far higher percentage of companies (24%) reported that their network infrastructures had been hacked. For large companies, these types of attacks can run up damages of £1.1 million (£48,000 for SMEs), and are considered the second most costly type of attack. Intentional leaks of corporate data were suffered by 19% of companies, and the resulting financial losses came to an average of £641,000 (£33,000 for SMEs).
Attacks exploiting common software vulnerabilities affected 39% of companies. Large corporations incurred an average of £430,000 in damages from these types of attacks, while SMEs incurred roughly £40,000 in damages.
Targeted attacks are complex and typically involve a long period of preparation during which malicious users try to find the weak points in a corporation’s IT infrastructure and locate the tools necessary to launch the attack.
Fighting this type of threat with antivirus software alone is not possible, although effective antivirus solutions are available to handle other kinds of threats. A corporate solution using modern, proactive threat detection technologies can help protect a company against both targeted attacks and other dangerous IT threats.
Join us on