The average budget enterprises need in order to recover from a security breach has surpassed half a million dollars, a new survey has revealed.
A study of 5,000 companies around the world by B2B International and Kaspersky Lab revealed the expected cost to large companies of an incident now stands at $551,000. Meanwhile, small and medium-sized businesses (SMBs) will typically incur costs of $38,000.
Nine out of ten respondents to the survey admitted encountering at least one security incident, though not all of these were classed as serious or led to the loss of sensitive data.
The most serious incidents were typically found to be the result of malware, phishing attacks, software vulnerabilities and leaks by employees. However, the type of incident can have a significant bearing on the overall costs involved.
For large companies, breaches that occur as the result of failures at trusted third parties are among the most costly. Other expensive types of breaches include fraud by employees, cyber espionage and network intrusion.
On the other hand, SMBs tend to lose a significant amount of money on almost all types of breach, though they pay a particularly high price to recover from acts of espionage, as well as DDoS and phishing attacks.
For enterprises, an average bill for a cyber security incident includes $203,000 in lost business opportunities, with the research suggesting there is a 29 per cent probability of such losses being incurred.
Costs related to downtime may be the most significant expense, with large businesses losing anything up to $1.4 million as a result, though the research estimated a probability of 30 per cent for such losses.
The most common expense will be paying for professional services such as IT experts, risk management professionals and legal advisors, which occurs in 84 per cent of incidents. These costs typically add up to $84,000.
On top of these expenses, there are a number of indirect costs frequently encountered as a result of data breaches. It was estimated that enterprises may lose up to $204,750 due to factors such as reputational damage, while the cost of staffing, training and infrastructure upgrades in the aftermath of an incident totals $69,000 for enterprises and $8,000 for SMBs.