- The average global cost for remediating a single major security event is approximately US$290,000 for a 2,500-employee organisation.
- Mid-sized companies’ security budgets increased nearly 36% to protect against malicious attacks
- The consensus estimate is that more than 5% of global security professionals are grey hats - hackers who violate laws or ethical standards on occasion, but without malicious intent as would be typical of a black hat hacker.
Malwarebytes, the malware prevention and remediation solution, has released White Hat, Black Hat and the Emergence of the Gray Hat; The True Costs of Cybercrime*.
Report findings include:
- Cybercrime incidents are escalating, security budgets exploding and security remediation costs are skyrocketing:
- Remediating major security incidents is extremely expensive: the average global expenditure for remediating just a single event is approximately US$290,000 for a 2,500-employee organisation.
- Phishing was the most common cause of major incidents globally (44%) with ransomware (26%) and spear phishing (20%) also in the top five.
- Midsize companies (those with 500-999 employees) are getting squeezed with massive increases in security incidents and exploding security budgets but have fewer employees and smaller budgets to deal with them. Their security budgets increased by 36%.
-Mid-market businesses had the highest percentage of security budget increases from 2017 to 2018 (36.32% increase for midsize companies; 20.46% increase for large companies; 8.5% increase in budget for small companies) to counter the higher levels of adware, accidental insider data breaches and intentional insider data breaches and even nation state attacks.
- Mid-sized companies spent 19% of their security budget remediating compromises. Fewer staff in mid-sized companies’ security operations centres (SOCs) are on hand to handle the volume of attacks. This resulted in the highest percentage of security budget spent on remediating attacks (18.62% of budget spent on remediating compromises) compared with both large enterprises (11.3% of budget spent on remediating compromises) and smaller businesses (13.97% of budget spent on remediating compromises).
- About half (49%) of global mid-market professionals were most likely to suggest that it's easy to get into cybercrime without getting caught.
- Globally, 41% of security professionals admitted to having considered participating in black hat (malicious) activity.
“The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today’s businesses, with a seemingly larger hit to security departments of mid-market enterprises,” said Marcin Kleczynski, Malwarebytes CEO.
“On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, intellectual property (IP) and reputation. We need to up-level the need for proper security financing to the executive and board level. This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.”
Explore:
Read White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime
Read the TechTrade Asia blog post about where Singapore stands in the report
*The report, conducted by Osterman Research, polled 900 senior IT decision-makers and IT security professionals in Australia, Germany, the US, UK, and Singapore about the impact of cybercrime on their bottom line, and also looks at all sides of IT security costs from budget and remediation, to hiring, recruiting and retention.
No comments:
Post a Comment