Radware’s new report provides information regarding the threat landscape in 2018 and the dramatic increase in the cost of cyberattacks. The report indicates there has been a 52% increase in the cost of cyberattacks on companies since 2017.
For the report, Radware surveyed 790 respondents including managers, security engineers, network engineers, CISOs, and CIOs pros from companies around the world. The respondents were asked about the problems they had encountered preparing for and responding to cyberattacks and the estimated cost of mitigating those attacks.
The Threat Landscape in 2018
Of the surveyed companies, 93% said they had experienced a cyberattack in the last year. The greatest threat was ransomware and similar extortion-related attacks, which made up 51% of all cyberattacks in the past year. In 2017, ransoms were involved in 60% of cyberattacks. The decrease has been attributed to ranomware falling out of favor with hackers, who have switched to cryptocurrency mining malware.
31% of attacks were conducted with political aims or involved hacktivism. A fall from 34% in 2017. The reason for 31% of the attacks was not known, which shows that attackers are taking greater care to hide the motivations behind their attacks. 26% were attacks by competitors, 27% were insider threats, 19% were attributed to cyberwar, and 18% were performed by disgruntled employees. The main reasons for the cyberattacks were service disruption (45%), data theft (35%), and espionage (3%). The reason for 16% of attacks was not determined.
20% of businesses claimed they are being attacked everyday: An increase of 62% year over year. 13% said they were attacked weekly; another 13% experienced monthly attacks, and 27% had one to two attacks last year. 19% were not sure how many attacks they’ve had.
The government sector was most attacked, followed by the healthcare industry. 39% of healthcare companies claimed they were experiencing daily or weekly cyberattacks. About 6% of healthcare companies reported they were not attacked last year.
76% of organizations reported that the biggest threats were malware and bots. 65% said social engineering attacks like phishing. 53% said DDoS attacks, 42% said web application attacks, 38% said ransom threats and 20% said cryptocurrency miners.
Participants from healthcare companies thought they were ready for web application attacks (52%), malware, bot and DDoS attacks (55%) and phishing and other social engineering attacks (58%). Just 39% thought they were ready to handle advanced persistent threats and ransomware attacks.
The Increasing Cost of Cyberattacks
According to the Radware report, cyberattack costs have more than doubled in a year. The average cost is now $1.1 million. Surveyed respondents that used a formalized calculation process to determine the cost of cyberattacks reported that the average cost was $1.7 million per successful attack, while those without a formal calculation process reported the cost to be $880,000 per successful attack. For SMBs with fewer than 1,000 workers, the average cyberattack cost was $450,000. That increased to $1.1 million for businesses with 1,000 to 10,000 workers, and to $2.1 million for businesses with over 10,000 workers.
The average cost of a successful cyberattack on a healthcare organization was $1.43 million. According to the report, the majority of healthcare organizations (82%) are prepared for attacks and have a breach response plan.
The Real Cost of a Cyberattack
Cyberattack costs are likely to be considerably higher than the estimations. Radware remarks that the estimations do not factor in direct expenses such as investigation costs, the labor costs mitigating attacks, the creation of software patches, and indirect expenses like hiring technical experts, legal costs, stock price fluctuations, and costs related to avoiding future cyberattacks.
Other expenses that are hard to compute are lost income, lost customers and brand reputation damage – which are all possible after a breach. Radware respondents remarked that after a successful cyberattack, 43% said there had been a negative customer experience, 37% suffered brand damage, and 23% lost some of their customers.