According to the latest survey by Kaspersky Lab, 90 per cent of companies have suffered a cyber attack and for larger businesses the cost could be as much as half a million dollars.
Of the 5,500 companies surveyed nearly half, 46 per cent of businesses, lost sensitive data due to an internal or external security threat.
The average cyber attack for enterprise incurs costs of up to $73,000 for professional services, up to $58,000 in lost business opportunities and up to $420,000 in downtime. Smaller companies suffer too and average cyber attack costs of up to $38,000 can prove crippling.
As well as the direct costs of an attack organisations both large and small need to address staffing, training and IT infrastructure upgrades to prevent future incidents from occurring. Those costs could be up to $69,000 for an enterprise and up to $8,000 for a small business. It's also important to factor in the reputational damage that an organisation can suffer as a result of a cyber attack, which could total up to $204,750 for an enterprise and up to $8,653 for a small business.
"Businesses have known for a long time that any cyber attack has its consequences, but the high costs associated with addressing a cyber attack after an incident occurs is quite alarming," says Chris Doggett, managing director of Kaspersky Lab North America. "These numbers should serve as a wakeup call for both large and small businesses. IT security needs to become a more common priority for organisations and it is our hope that these numbers will motivate businesses to take the necessary steps to implement effective cyber security technology and strategies to prevent having to pay an enormous cyber security bill".
Despite the scale of threats many businesses are still not doing enough to protect themselves from what could be a financially crippling attack. Only 50 per cent of IT professionals surveyed listed prevention of security breaches as one of their three major IT concerns and 44 per cent of businesses have not implemented anti-malware solutions to prevent them.
More detail, including the types of threat most likely to lead to a security breach, can be found in the full IT Security Risks report available from the Kaspersky site.