on the radar blog

on the radar

The latest on cybersecurity threats and trends you need to know about

Around the IndustryMay 10, 2018

The Cost of Cybercrime: Breaking Down the Price of an SMB Cyberattack

Many small and mid-sized businesses have an unclear concept of the potential damages caused by cyberattacks. However, now that nearly 6 in 10 small businesses report they have experienced some sort of security breach, these once abstract costs are more frequently becoming a reality for SMBs across the country. And unfortunately, the price tag associated with a cyberattack is only increasing—in 2017, cyberattacks cost small businesses between $84,000 and $148,000. Globally, the cost has risen 27.4% in the last year.

But where do these costs come from? Let’s break down the true cost of a cyberattack in order to understand why prevention is the best policy for today’s small and mid-sized businesses.

When it comes to cost, the attack vector matters.

There are certain attack vectors that affect small and mid-sized businesses much more often than large enterprises—and are more costly for SMBs to handle. According to a recent study by the Ponemon Institute, these vectors include malware, web-based attacks, phishing and social engineering, and stolen devices. These are the types of cyberattacks that can quickly rack up costs for smaller businesses.

Standard cyberattack expenses include income loss, replacement software, and more.

If an SMB becomes a victim of malware or a web-based attack, one of the first costs to rear its head will be loss of income. When the business network or data center goes down—whether the downtime is due to the attack or the necessary repairs that follow—employees won’t be able to perform their work as usual. The total average cost of a data center outage is estimated at $8,851 per minute—a figure that’s only rising as powerful business networks become increasingly critical to employee productivity.

One of the next costs to affect small businesses is the replacement and/or repair of infected hardware and software. Businesses spend thousands of dollars each year on network equipment and software licenses, all of which can be permanently damaged if infiltrated by cyber criminals. In 2017 alone, 72% of hacked businesses spent more than $5,000 to investigate cyberattacks as well as restore or replace damaged software and hardware. Depending on the nature of the technology that is affected and the other costs incurred, these repairs could mean the difference between shutting down and staying afloat for many small business victims of a cyberattack.

…But the invisible costs are often more damaging.

In addition to these standard costs, cyberattacks can result in more unexpected losses that will also affect your small business’ bottom line. One of these is information theft. The loss of key business information, much of which may be highly sensitive, is estimated by some to be the most expensive cost of a cyberattack, accounting for 43% of the costs breached businesses paid last year. In fact, the median cost for a breach of business authentication credential information is anywhere from $100,000 to $500,000.

Another invisible cost of a cyberattack is loss of customer trust. According to SANS Institute, even a breach of fewer than 1,000 records can result in brand confidence loss costs of $25,000 – $100,000. A drop in brand reputation can lead to lower sales and revenue, increased customer churn, and the need for increased public relations spending.

Luckily, with proactive cyber protection, these costs can be avoided.

Once these costs start snowballing, you can’t go back in time to unclick that link or isolate that infected endpoint. You can, however, take steps to stop cyberattacks from infiltrating your network in the first place. While most companies tend to spend their cybersecurity budget on detection and recovery—which together make up 55% of total internal security spending—what SMBs really require is a holistic, proactive cyber defense strategy. By preventing cyber criminals from accessing their network in the first place, SMBs are in the best position to remain cyber-secure and ensure business continuity.

Enlisting a Managed Security Service Provider (MSSP) is generally the most cost-effective, proactive solution for SMBs. These providers bring the expertise and round-the-clock cybersecurity monitoring SMB IT teams need to lighten their loads while also mitigating potential cyberattacks, saving businesses from ever paying the hefty price of a breach.

Avow Helps Your Business Avoid the Cost of Cybercrime

Avow’s 100% Managed Cybersecurity Program is a proactive, bundled solution designed to keep SMBs from experiencing the cost of cybercrime. For a single subscription price, small and mid-sized businesses can gain completely managed 24/7/365 next generation firewall services, endpoint protection, patch management, security awareness training, vulnerability scanning, and incident response services they need in order to prevent cyberattacks and the costs associated with security breaches.

Ready to mitigate the risk of cybercrime expenses? Schedule a conversation with Avow to learn how our proactive model offers total peace of mind.