DDoS attack can cost a company more than $400,000

A DDoS attack on a company’s online resources might cause considerable losses – with average figures ranging from $52,000 to $444,000 depending on the size of the company, according to the results of a study conducted by Kaspersky Lab and B2B International.

A distributed denial of service (DDoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.

For many organizations these expenses have a serious impact on the balance sheet, and the loss of access to online resources for partners and customers also harms the company’s reputation.

The total costs reflect several problems. According to the study:

  • 61% of DDoS victims temporarily lost access to critical business information
  • 38% of companies were unable to carry out their core business
  • 33% of respondents reported the loss of business opportunities and contracts
  • In 29% of DDoS incidents, a successful attack had a negative impact on the company’s credit rating
  • 26% of cases prompted an increase in insurance premiums

The experts included the costs of remediating the consequences of an incident when calculating the average sum. For example, 65% of companies consulted with IT security specialists, 49% of firms paid to modify their IT infrastructure, 46% of victims had to turn to their lawyers and 41% turned to risk managers. And these are only the most common expenses.

Information about DDoS attacks and subsequent disruption to the business often becomes public, adding to the risks. 72% of victims disclosed information about a DDoS attack on their resources. Specifically, 43% of respondents told their customers about an incident, 36% reported to representatives of a regulatory authority, and 26% spoke to the media. 38% of companies suffered reputational loss as a result of a DDoS attack, and almost one in three affected organizations had to seek the assistance of corporate image consultants.

A total of 3,900 respondents from 27 countries including representatives from companies of all sizes took part in the survey. More than 54% of the participants were mid-sized, large and very large companies. Approximately 17% of the respondents were corporations in the Large Enterprise segment (from 5,000 to 50,000 employees), while 12% of the survey participants were in the Large-Medium category (1,500 to 5,000 employees). About 25% of the survey participants were companies with anywhere from 250 to 1,500 employees, and the remaining respondents represented small and very small businesses.

“A successful DDoS attack can damage business-critical services, leading to serious consequences for the company. For example, the recent attacks on Scandinavian banks (in particular, on the Finnish OP Pohjola Group) caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this. That’s why companies today must consider DDoS protection as an integral part of their overall IT security policy. It’s just as important as protecting against malware, targeted attacks, data leaks and the like,” said Eugene Vigovsky, Head of Kaspersky DDoS Protection, Kaspersky Lab.

Kaspersky Lab claims that for years it has accurately predicted the rise of DDoS attacks and has paid closer attention to the botnets that fuel these attacks. The company decided to counter this threat directly, and announced its intention to create specialized anti-DDoS technologies and solutions for businesses.

Kaspersky DDoS Protection switches client traffic to Kaspersky Lab cleaning centers for the duration of the attack, filtering malicious traffic so that the client only receives legitimate requests. This prevents infrastructure and services from being overloaded.

Last month, Kaspersky Lab and B2B International reported that 50% of companies regard countermeasures against DDoS attacks as an important component of IT security. It means that the other 50% of companies may prove to be unprepared for a sudden attack, which could damage both their finances and their reputation as a result of the unavailability of Internet services.

[Download PDF] Global IT Security Risks Survey 2014: Distributed Denial of Service (DDoS) Attacks report
