
5/24/2018
04:50 PM

Most Expensive Data Breaches Start with Third Parties: Report

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

Data breaches are expensive, and their growing cost is driving business leaders to allocate more of their IT budgets to cybersecurity. It's not just fear of incidents driving the investment, either: complex infrastructure and lack of knowledge are also causing companies to spend more.

As part of its Corporate IT Security Risks Survey, Kaspersky Lab polled 6,614 business decision makers on their IT security spending, the types of threats they have faced, and the cost of recovering from cyberattacks. They found the cost of breaches has grown by more than one-fifth for both enterprises and SMBs, and the price tag is only expected to get larger.

The cost is growing faster for smaller victims. The average enterprise pays $1.23 million per incident, up 24% from $992,000 in 2017. SMBs spend $120,000, an increase of 36% from last year.

At $193,000, improving software and infrastructure is the most expensive part of a breach for enterprises, followed by repairing damage to credit rating and insurance premiums ($180,000) and training ($137,000). Software improvement is the joint-highest cost for SMBs, which spend $15,000 on both software improvement and employing external professionals in the aftermath of a breach.

"Typically, they are replacing their software with new solutions or enhanced tools or offerings from their current provider," says Andrey Pozhogin, security expert at Kaspersky Lab North America. Other major costs include lost business and additional wages for internal staff.

Individual costs related to breach remediation were higher overall, Pozhogin continues. Interestingly, researchers found expenses were higher overall among companies located in North America, Asia-Pacific, and Japan depending on their corporate strategies and values.

"The financial impact and motives behind the spend differ worldwide, and it's hard to pinpoint the exact spend after a data breach," he says. "For example, employing external professionals is one of the costliest outcomes of a security breach for SMBs in North America, which suggests that businesses in these regions are more in need of additional expertise."

For companies in Japan, minimizing reputational damage is a priority. Extra PR was the second-highest expense for Japanese SMBs, which spent an average of $13,000 per breach. Loss of business costs Chinese SMBs $17,000, a sign that customers are unforgiving of security incidents.

Most Expensive Incidents Start with Third Parties

The most expensive threats are related to data leaving the organization.

Third-party providers are the source of the costliest incidents, researchers report. The top five affecting enterprises include targeted attacks ($1.11 million), incidents affecting IT infrastructure hosted by a third party ($1.09 million), incidents involving non-computing connected devices ($993,000) and third-party cloud services ($942,000), and data leaks from internal systems ($909,000).

For SMBs, the priciest recoveries come from incidents affecting IT infrastructure hosted by a third party ($118,000), followed by those involving non-computing connected devices ($98,000), those affecting third-party cloud services ($89,000), targeted attacks ($87,000), and incidents affecting suppliers sharing data with the victim ($83,000).

For both enterprises and SMBs, incidents affecting third-party infrastructure are the most expensive. Organizations changing their digital strategies often work with third parties to store their data or change access to their infrastructure, and hackers are taking advantage.

"Cybercriminals recognize the paradox of a supplier that has sometimes unlimited access to the enterprise infrastructure while left alone in their struggle to secure their own servers and networks," says Pozhogin. Breaches like the supply-chain attack on Target brought these vulnerabilities to light, and they were abused in incidents like NotPetya and Bad Rabbit.

"The poorly protected networks of SMBs granting access to their enterprise partners are the low hanging fruit for the attackers," he adds.

Breaches are Costly in the Cloud

Nearly half (45%) of enterprises have increased, or are planning to increase, their hybrid cloud usage over the next year, Pozhogin says. The growth has sparked new security issues and now, as a result, more companies are shifting their security spend over to the cloud.

"The cloud poses unique challenges, as traditional security procedures may not work in the cloud, lack of visibility and unified security tools create blind spots, and utilization of numerous solutions and platforms creates barriers for security administrators and environments where cybercriminals can thrive," he explains.

People often play a big role in poor cloud security. Employees fail to properly configure cloud services, a mistake that commonly leads to accidental data exposure. They use the same password across all portals, including those for cloud-based systems, essentially leaving a "master key" for cybercriminals who seek access into corporate networks.

"It's often simple human-based actions like this that can lead to costly data breaches," he adds.

Should You Be Spending Differently?

Security budgets have grown overall: enterprises spend an average of $8.9 million on security while SMB spending has grown from $201,000 to $246,000 year over year. The greatest increase is among companies with fewer than 50 workers, which spend $3,900 compared with $2,900 in 2017.

Pozhogin says companies are spending the money on infrastructure security, internal expertise, and security operations. However, he says they could benefit from more spending on visibility and unification as they deploy more tools across their datacenters and the public cloud, which leads to poor visibility and noise, and detracts from their ability to control security.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
