38% of DDoS victims unable to carry out core business
Attacks can also affect credit ratings, insurance premiums
A SINGLE DDoS (Distributed Denial of Service) attack on a company’s online resources might cause considerable losses, with average figures ranging from US$52,000 to US$444,000 depending on the size of the company.
For many organisations, this can have a serious impact on the balance sheet as well as harm company reputations, as partners and customers lose access to online resources, Kaspersky Lab said in a statement.
The loss figures above come from a Global IT Security Risks Survey 2014 study conducted by Kaspersky Lab and B2B International.
A total of 3,900 respondents from 27 countries – including representatives from companies of all sizes – took part in the year’s survey, Kaspersky Lab said.
Approximately 17% of the respondents were corporations in the ‘Large Enterprise’ segment (from 5,000 to 50,000 employees), while 12% of the survey participants were in the Large-Medium category (1,500 to 5,000 employees).
About 25% of the survey participants were companies with anywhere from 250 to 1,500 employees, and the remaining respondents represented small and very small businesses.
The total costs from DDoS reflect several problems, the company said.
According to the study, 61% of DDoS victims temporarily lost access to critical business information; 38% of companies were unable to carry out their core business; and 33% of respondents reported the loss of business opportunities and contracts.
In addition, in 29% of DDoS incidents, a successful attack had a negative impact on the company’s credit rating while in 26% of cases it prompted an increase in insurance premiums.
The experts included the costs of remediating the consequences of an incident when calculating the average sum. For example, 65% of companies consulted with IT security specialists, 49% of firms paid to modify their IT infrastructure, 46% of victims had to turn to their lawyers, and 41% turned to risk managers.
And these are only the most common expenses, Kaspersky Lab said.
Information about DDoS attacks and subsequent disruption to the business often becomes public, adding to the risks.
Seventy-two percent of victims disclosed information about a DDoS attack on their resources. Specifically, 43% of respondents told their customers about an incident, 36% reported to representatives of a regulatory authority, and 26% spoke to the media.
Thirty-eight percent of companies suffered reputational loss as a result of a DDoS attack, and almost one in three affected organisations had to seek the assistance of corporate image consultants.
“A successful DDoS attack can damage business-critical services, leading to serious consequences for the company,” said Eugene Vigovsky, head of Kaspersky DDoS Protection.
“For example, the recent attacks on Scandinavian banks (in particular, on the Finnish OP Pohjola Group) caused a few days of disruption to online services and also interrupted the processing of bank card transactions, a frequent problem in cases like this.
“That’s why companies today must consider DDoS protection as an integral part of their overall IT security policy. It’s just as important as protecting against malware, targeted attacks, data leak and the like,” he added.