report Information security in loss figures We surveyed almost 5,000 business decision-makers willing to share their thoughts on cybersecurity and their firms’ attitudes about cyberthreats. Kaspersky Team October 1, 2019 To budget for information security, companies need to consider factors such as average potential losses, preferably by incident type, as well as other businesses’ average outlays on security. Precise data on such questions do not get published, and that’s one reason we conduct an annual survey of employees who make business decisions related to IT security for a variety of companies. And now we are ready to share results of our 2019 survey. Financial implications Compared with the results of last year’s survey, enterprise businesses’ losses have increased. Where previously an incident cost them an average of $1.23 million, now the average loss is $1.41 million. This growth is partly a result of companies now spending more on third-party experts and PR drives aimed at softening the blow to the firm’s image. It is likely that spending on PR has increased because of an overall tightening of laws requiring companies to publicly report incidents. This is particularly relevant in the case of data leaks. Today, current and potential clients or partners are certain to find out about incidents, and they worry about their data potentially falling into cybercriminals’ hands. The issue is not limited to large companies: According to respondents, 36% of enterprises and 31% of small businesses ran into PR problems as a result of leaks. Interestingly, the small business segment has experienced a reverse of that trend, with the average cost of an incident falling from $120,000 to $108,000, with outlays for compensation as well as security tools, both software and infrastructural, decreasing. You’ll find a detailed breakdown of specific items of corporate financial loss as a result of cyberincidents in the full report, available for download below. Incident causes In the eyes of our respondents, irrespective of company size, the problem is most often rooted in employees’ misuse of IT resources, and infection of company devices with malware. Of course, those broad categories cover a great variety of cases, but, for example, the common situation of an employee clicking a link in an e-mail and installing malware fits both of the above.
Tips Subscribe or treat? Manage your subscriptions with ease Many of us have dozens of online subscriptions and recurring payments. How to take control, save money, and stay on top of expenses?
Tips How to set up security and privacy in adidas Running (Runtastic) A detailed guide on setting up privacy in the adidas Running app.
Tips Taking a selfie with your ID card — is it safe? Many popular online services these days require a selfie with your ID card or passport to register. We explore whether taking such photos is safe (spoiler: it’s not) and how to minimize the risks.
Tips Will AI replace SOC analysts? We share our experience on the optimal use of AI models in the SOC of our Kaspersky MDR service.