The average cost of a cybersecurity incident is growing – and the most costly breaches are due to failures of third parties such as suppliers or business partners.
The share of IT budgets that is being spent on IT security is growing and is almost a quarter (23 per cent) of the IT budget in large corporations, according to a report by Kaspersky Lab and B2B International: IT Security: cost-center or strategic investment? But the study also found that IT budgets are being slashed – meaning that overall spending on IT security is actually falling. The study puts the average IT security budget at $13.7 million this year – almost half of the average budget last year ($25.5 million).
The report also said that the cost of a cybersecurity breach is rising. It put the average cost of a breach in 2017 for a small or medium enterprise (SME) at more than $87,000, while larger companies could face costs as high as $992,000 – costs that are significantly higher than in 2016.
Perhaps most importantly, the report underlines that the worst cybersecurity losses are due to incidents involving third parties and their cyber-failures. It says incidents affecting infrastructure hosted by a third party could cost SMEs up to $140,000. Larger corporates meanwhile are paying up to $1.8 million as a result of breaches stemming from suppliers that they share data with, and $1.6 million due to insufficient levels of protection from providers of 'Infrastructure-as-a-service'.
In its statement about the report, Kaspersky Lab said: “As soon as a business gives another organization access to its data or infrastructure, weaknesses in one may affect them both. This issue is becoming increasingly important as governments worldwide rush to introduce new legislations, requiring organizations to provide information about how they share and protect personal data.”
Is blockchain the answer to data security breaches like Equifax?
Several factors made the Equifax data breach particularly serious and costly – so could blockchain technology help make personal identity data more secure online?
Today’s vital fraud prevention questions for the corporate treasurer
Dare you complete the International Chamber of Commerce’s cybersecurity self-assessment questionnaire?
Cyberfraud - it will be your fault. Protect yourself
Who is responsible: IT? Internal audit? Corporate treasury? Accounts payable? Government? Global regulators?