Radware report shows average cost of cyber attack episodes now exceeds $1.6 million

Cyber security and application delivery solutions developer Radware has released its Global Application and Network Security Report 2018-2019 in which survey respondents estimate the average cost of a cyber attack has now climbed to $1.1 million. For those organisations that calculate (versus estimate) the cost of an attack, that number increases to $1.67 million.

The top impact of cyber attacks, as reported by respondents, is operational/productivity loss (54%) followed by negative customer experience (43%). What’s more, almost half (45%) of respondents reported that the goal of the attacks they suffered was service disruption. Another third (35%) of respondents said the goal was data theft.

“This year, we’ve seen a real shift in the impact an attack has on a company financially and it’s especially interesting that more companies are taking the time to calculate the loss, not just estimate it,” said Jeff Curley, head of online and digital for Radware in the UK, Ireland and the Nordics. “That’s not surprising given how volatile economies are at the moment. Understanding the impact of downtime on productivity as well as sales and consumer trust is essential to justify spending money on protecting the business in the future and staying competitive.”

While the cost of attack mitigation continues to rise, so does the number of organisations under attack. Most organisations have experienced some type of attack within the course of the year, with only 7% of respondents claiming not to have experienced an attack at all. 21% reported daily attacks, representing a significant rise from 13% last year. Not only are attacks becoming more frequent, but they’re also more effective: 78% of respondents hit by a cyber attack experienced service degradation or a complete outage compared to 68% last year.

Even in view of these numbers, 34% of respondents don’t have a cyber security emergency response plan in place.

Further key findings outlined

Other key findings of the report include:

*43% of respondents reported negative customer experiences and reputation loss following a successful attack

*Data leakage and information loss remain the biggest concern for more than one-third (35%) of businesses, followed by service outages

*Hackers increased their usage of emerging attack vectors to bring down networks and Data Centres: Respondents reporting HTTPS Floods grew from 28% to 34%, reports of DNS grew from 33% to 38%, reports of burst attacks grew from 42% to 49%, and reports of bot attacks grew from 69% to 76%

*Application-layer attacks cause considerable damage. Two-thirds of respondents experienced application-layer DoS attacks, while 34% foresee application vulnerabilities being a major concern in the coming year. More than half (56%) reported making changes and updates to their public-facing applications monthly, while the rest made updates more frequently, actively driving the need for automated security

*86% of surveyed businesses indicated they explored machine learning and Artificial Intelligence (AI) solutions. Almost half (48%) point towards quicker response times and better security as primary drivers to explore machine learning-based solutions

Public now more aware

Jeff Curley added: “It’s a worry to see that a third of companies suffered data loss last year as I suspect a good proportion included personal data. The public is now far more aware of the risks of handing over information and the long-lasting impact to their lives if their data’s caught up in a breach. Hackers will continue to exploit this and I expect to see more and more automated attacks, especially those that target applications in the future. It’s no surprise that machine learning and AI are growing in popularity. They’re a way in which to provide defences that are effective 100% of the time. Companies that fail to invest in these new technologies will suffer the consequences.”

*Radware’s Global Application and Network Security Report, which is now in its eighth year, is a cross-industry report compiled by Radware’s Emergency Response Team (ERT), leveraging vendor-neutral survey data from 790 IT executives spanning several industries around the globe. The complete Global Application and Network Security Report 2018-2019, which details 2018’s major attack trends and provides predictions and recommendations from Radware’s ERT for how organisations can best prepare for mitigating cyber threats in 2019, can be downloaded at https://www.radware.com/ert-report-2018/

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts