Average cost of a cyberattack exceeds $1.6 million

Radware has released its 2018-2019 Global Application and Network Security Report, in which survey respondents estimate the average cost of a cyberattack has climbed to $1.1M. For those organisations that calculate (versus estimate) the cost of an attack, that number increases to $1.67M.

The top impact of cyberattacks, as reported by respondents, is operational/productivity loss (54%), followed by negative customer experience (43%). What’s more, almost half (45%) reported that the goal of the attacks they suffered was service disruption.  Another third (35%) said the goal was data theft. 

 “This year we’ve seen a real shift in the impact an attack has on a company financially and it’s especially interesting that more companies are taking the time to calculate the loss not just estimate it. That’s not surprising given how volatile economies are at the moment. Understanding the impact of downtime on productivity as well as sales and consumer trust is essential to justify spending money on protecting the business in the future, and staying competitive.” said Jeff Curley, head of online and digital for Radware UK, Ireland and the Nordics.

While the cost of attack mitigation continues to rise, so does the number of organisations under attack. Most organisations have experienced some type of attack within the course of a year, with only 7% of respondents claiming not to have experienced an attack at all. Twenty one percent reported daily attacks, representing a significant rise from 13% last year.  Not only are attacks becoming more frequent, they are also more effective: 78% of respondents hit by a cyberattack experienced service degradation or a complete outage, compared to 68% last year. Even with these numbers, 34% of respondents do not have a cybersecurity emergency response plan in place.

Other key findings of the report include:

• 43% of respondents reported negative customer experiences and reputation loss following a successful attack.

• Data leakage and information loss remain the biggest concern to more than one-third (35%) of businesses, followed by service outages.

• Hackers increased their usage of emerging attack vectors to bring down networks and data centres: Respondents reporting HTTPS Floods grew from 28% to 34%, reports of DNS grew from 33% to 38%, reports of burst attacks grew from 42% to 49%, and reports of bot attacks grew from 69% to 76%.
• Application-layer attacks cause considerable damage. Two-thirds of respondents experienced application-layer DoS attacks and 34% foresee application vulnerabilities being a major concern in the coming year. More than half (56%) reported making changes and updates to their public-facing applications monthly, while the rest made updates more frequently, driving the need for automated security.
• 86% percent of surveyed businesses indicated they explored machine-learning (ML) and artificial intelligence (AI) solutions. Almost half (48%) point at quicker response times and better security as primary drivers to explore ML-based solutions.

Jeff adds, “It’s a worry to see that a third of companies suffered data loss last year as I suspect a good proportion included personal data. The public is now far more aware of the risks of handing over information and the long-lasting impact to their lives if their data is caught up in a breach. Hackers will continue to exploit this and I expect to see more and more automated attacks, especially those that target applications in the future.

He adds: “It’s no surprise then that ML and AI are growing in popularity. They are a way to provide defences that are effective 100% of the time. Companies that fail to invest in these new technologies, will suffer the consequences.”