Woburn, MA – October 1, 2019 – New research from Kaspersky found that the cost of enterprise data breaches has risen to $1.41 million, up from $1.23 million in the previous year. As a result, enterprise organizations invested more in cybersecurity in 2019, with IT security budgets averaging $18.9 million compared to $8.9 million in 2018.
Each year, data breaches are becoming significantly more expensive for enterprises. Kaspersky’s survey, “IT security economics in 2019: how businesses are losing money and saving costs amid cyberattacks,” found that in 2019, enterprises with an internal Security Operation Center (SOC) estimated their financial damage from a cyberattack at $675,000, less than half the average impact cost at $1.41 million in 2018. Additionally, the survey showed 34% of companies of all sizes with a dedicated Data Protection Officer (DPO) reported that cyber incidents at their organization did not result in monetary loss.
Enterprises can reduce the financial impact of data breaches by building an internal SOC responsible for the ongoing monitoring of security events and incident response. There are also savings for larger SMBs (with 500+ employees) that adopt a SOC, with the total financial impact of a data breach for these businesses estimated at $106,000, compared to $129,000 if a SOC is not in place.
Pic. 1 – The average cost of a data breach for enterprises in general and for those with an internal SOC
Outsourced SOCs, however, do not reduce the cost of data breaches for enterprises. The survey showed that outsourcing security to a Managed Service Provider (MSP) may actually increase financial impact. 23% of companies that use an MSP experienced a financial impact of $100,000 to $249,000, while only 19% of businesses with an in-house IT team reported this same level of damage.
Enterprises can also consider hiring a DPO to mitigate the cost of data breaches. DPOs are responsible for building and implementing a data protection strategy within a company as well as managing compliance issues. The survey highlighted that more than one-third of organizations (34%) with a DPO that suffered a data breach did not incur any financial loss, compared to only one-fifth (20%) of businesses overall.
“Establishing an internal SOC involves purchasing the necessary tools, building processes and recruiting analysts, which can be a challenge for any business,” said Veniamin Levtsov, vice president of corporate business at Kaspersky. “Likewise, finding a DPO who can combine IT security and legal knowledge is not an easy task. These require time and budgets, and security leaders often find it difficult to justify such initiatives. But as we can see, these are worthwhile investments. Of course, just having a dedicated employee or even special subdivision does not guarantee that a company will not suffer a data breach. However, it does ensure that the business is prepared for these incidents, allowing them to recover from an attack more quickly and efficiently.”
To empower internal SOCs, Kaspersky offers solutions and services including Kaspersky EDR, Kaspersky Anti Targeted Attack, Kaspersky Threat Intelligence and the Kaspersky Cybersecurity Training portfolio. These products help to overcome the most common barriers to a working SOC, such as the lack of enterprise-wide visibility or insufficient threat information, and help to improve performance.
To view the full report, please visit Kaspersky Daily.
Methodology
The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) is a global survey of IT business decision makers, which is now in its 9th year. A total of 4,958 interviews were conducted across 23 countries. Respondents were asked about the state of IT security within their organizations, the types of threats they face and the costs they have to deal with when recovering from attacks. The regions covered consist of LATAM (Latin America), Europe, North America, APAC (Asia-Pacific with China), Japan, Russia and META (Middle East, Turkey and Africa).