Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

5/24/2018
04:50 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Most Expensive Data Breaches Start with Third Parties: Report

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

Data breaches are expensive, and their growing cost is driving business leaders to allocate more of their IT budgets to cybersecurity. It's not just fear of incidents driving the investment, either: complex infrastructure and lack of knowledge are also causing companies to spend more.

As part of its Corporate IT Security Risks Survey, Kaspersky Lab polled 6,614 business decision makers on their IT security spending, the types of threats they have faced, and the cost of recovering from cyberattacks. They found the cost of breaches has grown by more than one-fifth for both enterprises and SMBs, and the price tag is only expected to get larger.

The cost is growing faster for smaller victims. The average enterprise pays $1.23 million per incident, up 24% from $992,000 in 2017. SMBs spend $120,000 an increase of 36% from last year.

At $193,000 improving software and infrastructure is the most expensive part of a breach for enterprises, followed by repairing damage to credit rating and insurance premiums ($180,000) and training ($137,000). Software improvement is the joint-highest for SMBs, which spend $15,000 on both software improvement and employing external professionals in the aftermath of a breach.

"Typically, they are replacing their software with new solutions or enhanced tools or offerings from their current provider," says Andrey Pozhogin, security expert at Kaspersky Lab North America. Other major costs include lost business and additional wages for internal staff.

Individual costs related to breach remediation were higher overall, Pozhogin continues. Interestingly, researchers found expenses were higher overall among companies located in North America, Asia-Pacific, and Japan depending on their corporate strategies and values.

"The financial impact and motives behind the spend differ worldwide, and it's hard to pinpoint the exact spend after a data breach," he says. "For example, employing external professionals is one of the costliest outcomes of a security breach for SMBs in North America, which suggests that businesses in these regions are more in need of additional expertise."

For companies in Japan, minimizing reputational damage is a priority. Extra PR was the second-highest expense for Japanese SMBs, which spent an average of $13,000 per breach. Loss of business costs Chinese SMBs $17,000, a sign that customers are unforgiving of security incidents.

Most Expensive Incidents Start with Third Parties

The most expensive threats are related to data leaving the organization.

Third-party providers are the source of the costliest incidents, researchers report. The top five affecting enterprises include targeted attacks ($1.11 million), incidents affecting IT infrastructure hosted by a third party ($1.09 millon) incidents involving non-computing connected devices ($993,000) and third-party cloud services ($942,000), and data leaks from internal systems ($909,000).

For SMBs, the priciest recoveries come from incidents affecting IT infrastructure hosted by a third party ($118,000), followed by those involving non-computing connected devices ($98k), those affecting third-party cloud services ($89,000), targeted attacks ($87,000), and incidents affecting suppliers sharing data with the victim ($83,000).

For both enterprises and SMBs, incidents affecting third-party infrastructure are the most expensive. Organizations changing their digital strategies often work with third parties to store their data or change access to their infrastructure, and hackers are taking advantage.

"Cybercriminals recognize the paradox of a supplier that has sometimes unlimited access to the enterprise infrastructure while left alone in their struggle to secure their own servers and networks," says Poghozin. Breaches like the supply-chain attack on Target brought these vulnerabilities to light, and they were abused in incidents like NotPetya and Bad Rabbit.

"The poorly protected networks of SMBs granting access to their enterprise partners are the low hanging fruit for the attackers," he adds.

Breaches are Costly in the Cloud

Nearly half (45%) of enterprises have increased, or are planning to increase, their hybrid cloud usage over the next year, Pozhogin says. The growth has sparked new security issues and now, as a result, more companies are shifting their security spend over to the cloud.

"The cloud poses unique challenges, as traditional security procedures may not work in the cloud, lack of visibility and unified security tools create blind spots, and utilization of numerous solutions and platforms creates barriers for security administrators and environments where cybercriminals can thrive," he explains.

People often play a big role in poor cloud security. Employees fail to properly configure cloud services, a mistake that commonly leads to accidental data exposure. They use the same password across all portals, including those for cloud-based systems, essentially leaving a "master key" for cybercriminals who seek access into corporate networks.

"It's often simple human-based actions like this that can lead to costly data breaches," he adds.

Should You Be Spending Differently?

Security budgets have grown overall: enterprises spend an average of $8.9 million on security while SMB spending has grown from $201,000 to $246,000 year over year. The greatest increase is among companies with fewer than 50 workers, which spend $3,900 compared with $2,900 in 2017.

Poghozin says companies are spending the money on infrastructure security, internal expertise, and security operations. However, he says they could benefit from more spending on visibility and unification as they deploy more tools across their datacenters and the public cloud, which leads to poor visibility and noise, and detracts from their ability to control security.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5124
PUBLISHED: 2020-01-25
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered fro...
CVE-2019-5146
PUBLISHED: 2020-01-25
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered fro...
CVE-2019-5147
PUBLISHED: 2020-01-25
An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from...
CVE-2019-5183
PUBLISHED: 2020-01-25
An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shad...
CVE-2020-5226
PUBLISHED: 2020-01-24
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrapp...