Dive Brief:
- The average cost of recovery from a single security incident is estimated to be $86,500 for small and medium businesses and $861,000 for enterprises, according to a new report from Kaspersky Lab.
- The reallocation of IT staff time represents the single largest additional cost for both SMBs and enterprises after a data breach, Kaspersky found.
- Time is also a critical component in increasing the costs of a breach. "The longer a breach goes unnoticed, the more it will cost a business in monetary and data integrity terms," according to Kaspersky. "Even when breaches are detected almost instantly, SMBs estimate a cost to their business of $28,000, rising to $105,000 if undetected for more than a week. For enterprises, where a detection system is in place, the estimated financial damage is still $393,000, increasing to over $1 million if it remains undetected for over seven days."
Dive Insight:
There have been several studies examining the costs of an enterprise data breach, but few specify exactly where those costs occur. According to Kaspersky, reallocation of IT staff time is the largest additional cost for both SMBs and enterprises post-breach.
For some businesses, security spending is clearly a priority. SMBs spend approximately 18% of their budgets on IT security while enterprises spend about 21% on theirs.
But investment in security measures does not ensure that a business won't be targeted or suffer an expensive breach. In particular, zero-day vulnerabilities and targeted attacks are the most costly. SMBs usually suffer more attacks on mobile devices, while enterprises tend to attract more hacktivist activities, according to the report.
Kaspersky Lab and B2B International conducted the study of more than 4,000 business representatives from 25 countries.