The Cost of a Cyberattack: Enterprises Pay $861,000 per Incident

The cost of a cyberattack has now increased to $861,000 for large businesses and SMBs pay an average of $86,500 to resolve security incidents, according to a recent study conducted by Kaspersky Lab.

Rapid identification of cyberattacks can ensure the cost of resolution is kept to a minimum. The cost of breach resolution increases with the time it takes to identify an attack.

If cyberattacks can be identified within 24 hours of a system being breached, the cost of resolving that breach is 44% lower for SMBs than when it takes a week or more to identify an attack. Enterprises can expect to pay 27% more than SMBs in breach resolution costs.

For the study, respondents were asked to calculate the cost of a cyberattack, but split that cost into different categories. The report shows that the biggest cost of a cyberattack is staff wages. Other costs include lost business opportunities, the cost of bringing in external experts to conduct a forensic analysis and evaluate risk, and the additional spending required to improve security after an attack. Additional staff training is often required.

According to the report, large businesses are spending $79,000 a year on staff training. Bringing in external IT experts costs an average of $85,000 a year. Performing additional staff training and obtaining assistance from external experts accounts for 19% of the total losses from cyberattacks.

Respondents were also asked questions about their IT budgets over the next 12 months. IT security budgets are expected to increase by 14% in the next 12 months. Respondents indicated that out of the total IT budget, 18% is spent on cybersecurity by SMBs and 21% is spent on cybersecurity by enterprises.

The smallest businesses could spend as little as $1,000 a year on cybersecurity defenses, while the largest enterprises that took part in the study spend more than $1 million a year on cybersecurity.

The global study was conducted on 4,000 respondents from 25 countries. The figures were taken from security incidents from the past 12 months that were obtained in the 2016 Corporate IT Security Study. The findings were published in the company’s ‘Measuring the Financial Impact of IT Security on Businesses Report’.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of