The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018–up 52% from the year before, according to a Tuesday report from Radware. For companies with a formal cost calculation process, that estimate rises to $1.7 million, the report found, with the top impacts being operational/productivity loss (54%), negative customer experiences (43%), and brand reputation loss (37%).
The report surveyed 790 IT executives worldwide across industries. These IT leaders perceive the goals of the attacks to be service disruption (45%), data theft (35%), unknown reasons (11%), or espionage (3%).
SEE: Security awareness and training policy (Tech Pro Research)
Some 21% of businesses experience daily cyberattacks, up from 13% last year, the report found. Another 13% said they were attacked weekly, 13% said monthly, and 27% said once or twice a year. Only 7% of organizations said they have never been attacked, according to the report.
The most common types of attacks on enterprises are malware and bots (76%), socially engineered threats like phishing (65%), DDoS attacks (53%), web application attacks (42%), ransomware (38%), and cryptominers (20%).
Hackers are also increasing their usage of emerging attack vectors to bring down networks and data centers, the report found: IT leaders reporting HTTPS Floods rose from 28% in 2017 to 34% in 2018, while reports of DNS grew from 33% to 38%. Burst attacks rose from 42% to 49%, and reports of bot attacks grew from 69% to 76%.
“While threat actors only have to be successful once, organizations must be successful in their attack mitigation 100% of the time,” Anna Convery-Pelletier, chief marketing officer for Radware, said in a press release. “A cyberattack resulting in service disruption or a breach can have devastating business impacts. In either case, you are left with an erosion of trust between a brand and its constituency.”
The big takeaways for tech leaders:
- The average estimated cost of a cyberattack on an enterprise was $1.1 million in 2018, up 52% from the year before. — Radware, 2019
- Top goals of cyberattacks are perceived to be service disruption (45%), data theft (35%), unknown reasons (11%), and espionage (3%). — Radware, 2019