New research from the Kaspersky Lab 2018
B2B Survey shows that the average cost of experiencing a data breach
globally is on the rise - with breaches now amounting to $1.23M on
average for enterprises (up 24% from $992K in 2017) and $120K on average
for SMBs (up 36% from $88K in 2017).
The
annual Kaspersky Lab Corporate IT Security Risks survey is a global
survey of IT business decision makers, which this year had a total of
6,614 respondents from 29 countries. The 2018 report, "On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives"
builds upon data from previous years to identify how businesses are
adjusting IT security spending to respond to the changing cyberthreat
landscape and the financial impact of cyberattacks when they occur.
In
North America, the average cost of a data breach for an enterprise has
reached $1.6M (up 23% or $300K from $1.3M in 2017) on average.
Additionally, North America is the most expensive location for an SMB to
suffer a data breach compared to all seven regions in the study. SMBs
in the U.S. and Canada have the highest recovery cost, at $149K on
average (up 27% or $32,000 from $117K in 2017).
As
the aftermath of a data breach continues to increase, it's important to
understand what types of cybersecurity incidents are occurring that
result in a hefty bill, to proactively protect against these threats.
The top most costly incidents
According
to the report, safeguarding data in the cloud is continuing to present
new challenges for businesses, with the most expensive cybersecurity
incidents over the past year related to cloud environments and data
protection. For SMBs, the most expensive cybersecurity incidents
globally were related to IT infrastructure hosted by a third-party,
which cost $179K on average. For enterprises globally, the expense was
related to targeted attacks, costing $1.64M on average.
For
enterprises and SMBs in North America, the top expense is the same,
according to the data - with both paying the most for incidents
affecting IT infrastructure hosted by a third party at $163K for SMBs
and $1.75M for enterprises on average.
Budgeting for IT security: More of a priority
With
the cost of IT incidents on the rise, businesses are realizing that
they have to prioritize cybersecurity spending if digital transformation
projects are to run smoothly and securely. The portion of IT budgets
spent on security has increased in North America over the past year
among enterprises, up nine percentage points to 28 percent of the total
IT budget and for SMBs, who are up six percentage points at 25 percent.
According to the report, enterprises in North America are above the
global average for their budgets.
On
a global scale, enterprises and SMBs are showing growth in prioritizing
IT security spending with a three percentage point rise in 2018.
Enterprise companies globally are allocating up to $8.9M on average - or
26 percent - of their IT budgets to cybersecurity, redefining the
strategic role of corporate data protection. For SMBs globally, this
equates to $246K, or 23 percent of the overall IT budget.
Motivations for investing in IT security
Investments
in IT security can be for a variety of reasons, but the key driver
behind additional investment in IT security is the increased complexity
of IT infrastructure, as businesses increasingly adopt cloud platforms.
The
research found that the top three motivations for investing in IT
security are increased complexity of IT infrastructure (34%), to improve
the level of specialist security expertise (34%) and top management
wanting to improve defenses (29%). In North America, the top three
reasons remained the same.
The
combination of these factors shows how businesses are feeling the
impact of IT security and illustrates the scale of the challenges they
are facing, as they battle to stay secure among digital transformations,
new regulations and an evolving cyberthreat landscape.
"To
support dynamic business changes and increase efficiency, companies are
embracing cloud and business mobility," said Maxim Frolov, vice
president of global sales at Kaspersky Lab. "Cybersecurity has become
not just a line item in IT bills, but a boardroom issue and a business
priority for companies of all sizes, as evidenced by companies raising
their IT security budgets. Businesses expect a strong payoff as the
stakes continue to get higher: besides traditional cybersecurity risks,
many companies now have to deal with growing regulatory pressures, for
example."
To gain deeper insights into businesses perceptions of IT security spending, including regional breakdowns, please download the full report here.