Hiring security professionals to cut cyberattack impact cost: Study

Enterprises which deployed an internal Security Operation Center (SOC) have been able to reduce financial damage from a cyberattack at USD 675,000 -- less than half the average impact cost for all enterprise-level organizations at USD 1.41 million

Hiring security professionals to cut cyberattack impact cost: Study - CIO&Leader

Enterprises which deployed an internal Security Operation Center (SOC) have been able to reduce financial damage from a cyberattack at USD 675,000 -- less than half the average impact cost for all enterprise-level organizations at USD 1.41 million, a new survey from Kaspersky and market research firm, B2B International has revealed.

The survey showed that outsourcing security may actually increase the financial impact, particularly if the company uses an under-qualified subcontractor.

Among other changes that a business can employ to reduce losses from a data breach is to employ a Data Protection Officer (DPO), as 34% of companies of all sizes with this dedicated role reported that a cyber incident did not result in monetary loses, the findings showed.

Every year, data breaches are becoming more expensive for enterprises. In 2019, this cost has risen to USD 1.41 million -- up from USD 1.23 million the previous year, said the Kaspersky report.

In response to this, large organizations are investing more in cybersecurity. This year, enterprise IT security budgets averaged USD 18.9 million compared to USD 8.9 million in 2018.

Establishing an internal SOC involves purchasing the necessary tools, building processes and recruiting analysts, which can be a challenge for any business.

“Likewise, finding a DPO, who can combine IT security and legal knowledge, is not an easy task. These require time and budgets, and security leaders often find it difficult to justify such initiatives”, said Veniamin Levtsov, Vice President, Corporate Business at Kaspersky.

Just having a dedicated employee or even special subdivision does not guarantee that a company will not suffer a data breach.

“However, it does ensure that the business is prepared for these incidents, allowing them to recover from an attack more quickly and efficiently,” Levtsov added.

Outsourced SOCs however don’t reduce the cost of data breaches for enterprises.

The survey showed that outsourcing security to a Managed Security Service Provider (MSP) may actually increase the financial impact, particularly if the company uses an under-qualified subcontractor.

“Nearly 23% of companies that use an MSP experienced a financial impact of between USD 100k-249k, while only 19% businesses with an in-house IT team reported this level of damage,” said the report.

The survey highlighted that more than one-third of organizations (34%) with a DPO that suffered a data breach did not incur any financial loss, compared to only one-fifth (20%) of businesses overall.


Add new comment