Akamai, the intelligent edge platform for securing and delivering digital experiences, and Ponemon Institute, revealed the findings from an APAC-wide study that identifies and understands the changes in the cost and consequences of web application and DoS attacks. Businesses surveyed in the study estimated that the total average cost of web application attacks in APAC over the past 12 months was $2.4 million per company, while the total average cost of DoS attacks was $1.1 million.
The study, titled ‘Trends in the Cost of Web Application and Denial of Service Attacks: Asia Pacific’, conducted by Ponemon Institute and sponsored by Akamai Technologies, surveyed 501 IT practitioners across operations, security, compliance and data centre administration from industries such as Financial Services, Manufacturing, Public Sector, Transportation, Hospitality and many more. The study found that companies spent an estimated $903,830 and $294,627 on web application attacks and DoS attacks respectively.
According to the study, revenue losses stemming from customer-facing services being unavailable averaged $435,222 over the past year. The study also revealed that companies experienced an average of approximately four DoS attacks, over the same period of time. Following an attack, the average amount of downtime was 7.45 hours, and the time taken to mitigate just one DoS attack was more than one hour (60.32 minutes).
Key findings from the study include:
Web Application Attacks
- The importance of safeguarding web applications o Web application security is considered critical for organizations: Web application attacks are a constant threat for companies. 43 percent of respondents said that web application security is more critical than other security issues faced by their organizations.
- Effectiveness of Web Application Firewalls (WAF) o A WAF should support both security and performance: While performance is an attribute often overlooked for security solutions, a majority of respondents placed a high value on performance for a WAF solution. 69 percent of respondents said that a fully functional WAF is one that optimizes both performance and security.
- The cost of web application attacks o Companies face growing revenue losses from web application attacks because potential customers are not only unable to purchase goods and services, but also tie- up support staff complaining about this and seeking help: 37 percent of respondents said that the largest cost related to web application attacks is technical support.
Denial of Service Attacks
- The growing threat of DoS attacks o A lack of qualified security personnel is more of a barrier than a lack of resources: 54 percent of respondents believe that the most critical barrier to preventing DoS threats is the lack of qualified security personnel. 43 percent said that is because of inadequate or insufficient technologies, while 37 percent of respondents believe not having sufficient budget resources is a barrier.
- The financial consequences of a DoS attack o Revenue losses and the need to allocate resources to technical support are the most significant financial consequences of DoS attacks: 30 percent of respondents said that the largest cost is the loss of revenue because customer facing services were unavailable.
Methodology
The sampling frame for the ‘Trends in the Cost of Web Application and Denial of Service Attacks: Asia Pacific’ study composed of 14,655 IT and IT security practitioners located in the APAC region. A total of 551 respondents completed the survey out of which 50 surveys were removed by screening. The final sample consisted of 501 surveys.