The financial impact of a distributed denial-of-service (DDoS) attack is continuing to rise globally – with significant cost spikes for both small to medium-sized businesses (SMBs) and enterprises per attack.
Kaspersky Lab’s IT Security Risks Survey 2017, which polled 5,200 business representatives from 29 countries, shows that whether as the result of a single incident or as part of a multi-faceted cyberattack, the financial implications of reacting to a DDoS attack in 2017 is $123,000 for SMBs per incident, compared to $106,000 in 2016.
For enterprises, the cost has soared more than half a million dollars – from $1.6 million in 2016 to $2.3 million in 2017 on average per attack. The rising financial costs of DDoS attacks, coupled with unquantifiable impacts such as reputational damage, are crippling for many organizations.
When asked about the specific consequences experienced as a result of a DDoS attack, most organizations (33%) claim that the cost incurred in fighting the attack and restoring services is the main burden, while a quarter (25%) cited money spent investing in an offline or back-up system while online services are unavailable. Additionally, 23% said that a loss of revenue and business opportunities occurred as a direct result of DDoS attacks, whereas 22% listed the loss of reputation among clients and partners as another direct consequence of a DDoS attack.
Previous Kaspersky Lab research also found that the attack rate is accelerating, with more than a third (33%) of organizations facing a DDoS attack in 2017, compared to just 17% in 2016. Even so, organizations are undereducated about taking steps to protect themselves. For instance, they often expect third parties to protect their businesses.
According to the research, 34% of organizations expect their ISP will protect them from DDoS attacks, and another 26% expect their data center or infrastructure partners will do so. Additionally, nearly a third (28%) claim that it is unlikely that they will be targeted by a DDoS attack in general.
“DDoS attacks, both standalone or as part of an attack arsenal, can cost an organization thousands, if not millions – that’s without counting reputational damage and lost clients and partners as a result,” said Kirill Ilganaev, head of Kaspersky DDoS protection, Kaspersky Lab. “It is therefore wise to be aware of these threats and invest in their own protective measures in advance. It is also important to choose reliable specialized security solutions that are based on cybersecurity expertise and tailored to fight the most sophisticated DDoS attacks organizations face today.”