A joint analysis of IT security spending conducted by Akouto and Alpha Logics shows a significant cost to businesses that underinvest in cybersecurity. The study analyzed spending patterns of existing clients to examine cybersecurity expenditures for small and medium-size businesses who underinvest compared to their peers. Cost calculations included money invested in cybersecurity products and services like anti-virus and intrusion prevention, plus money spent recovering from cybersecurity incidents like virus infections and ransomware over a 12 month period.
The analysis found that businesses who failed to adequately invest in cybersecurity spent on average 58% more compared to similar companies with adequate security measures in place. That number quickly skyrocketed when factoring in knock-on costs such as lost wages and revenue as a result of unplanned downtime. "Too many business owners fail to appreciate just how complex and costly it is to recover from a breach that could have been prevented with the right measures in place," said Bruno Macchiusi of Toronto based IT Service provider Alpha Logics. "To make matters worse, most owners don't believe their business is at risk until it's too late," continued Macchiusi.
The IT costs to recover from a breach are just the tip of the iceberg with businesses facing unforeseen expenses when a data breach occurs. Small and medium businesses can expect to pay anywhere from $14,000 to well over $100,000depending on a number of factors, according to studies by leading research institutes. Breaches involving credit card numbers can be among the costliest, with businesses forced to pay significant amounts for forensic examinations, credit monitoring services, customer notification services and legal fees among other costs. Having to notify customers and suppliers of a breach is not only costly and embarrassing, it could be devastating. According to industry research, 31% of customers terminated their relationship with a business after being notified of a breach.
Recovery costs alone quickly add up to tens of thousands of dollars because of technical challenges involved with sophisticated attacks. "After the initial breach, advanced ransomware attacks will stay hidden for months, spreading to other systems, compromising shared drives and even backups before finally posting a ransom demand," said Dominic Chorafakis, founder of Canadian cybersecurity consulting firm Akouto. "Without the proper safeguards in place it can be virtually impossible to recover from an attack when your servers and backups have also been compromised," Chorafakis continued.
This risk is all too real according to a study by the National Cyber Security Alliance showing that up to 60% of small and medium-sized businesses are unable to survive for more than six months after a breach. With the number of threats growing rapidly and attacks becoming increasingly sophisticated, businesses need to pay more attention to cybersecurity in order to survive. To stay ahead of hackers, business owners should consider working with IT security experts to make sure they get the most effective protection for their budget.