Enterprises which deployed an internal Security Operation Center (SOC) have been able to reduce financial damage from a cyberattack at $675,000 — less than half the average impact cost for all enterprise-level organizations at $1.41 million, a new survey from Kaspersky and market research firm B2B International has revealed.
The survey showed that outsourcing security may actually increase the financial impact, particularly if the company uses an under-qualified subcontractor.
Among other changes that a business can employ to reduce loses from a data breach is to employ a Data Protection Officer (DPO), as 34 per cent of companies of all sizes with this dedicated role reported that a cyber incident did not result in monetary loses, the findings showed.
Every year, data breaches are becoming more expensive for enterprises. In 2019, this cost has risen to $1.41 million — up from $1.23 million the previous year, said the Kaspersky report.
In response to this, large organizations are investing more in cybersecurity. This year, enterprise IT security budgets averaged $18.9 million compared to $8.9 million in 2018.
Establishing an internal SOC involves purchasing the necessary tools, building processes and recruiting analysts, which can be a challenge for any business.
“Likewise, finding a DPO, who can combine IT security and legal knowledge, is not an easy task. These require time and budgets, and security leaders often find it difficult to justify such initiatives,a said Veniamin Levtsov, Vice President, Corporate Business at Kaspersky.
Just having a dedicated employee or even special subdivision does not guarantee that a company will not suffer a data breach.
“However, it does ensure that the business is prepared for these incidents, allowing them to recover from an attack more quickly and efficiently,” Levtsov added.
Outsourced SOCs however don’t reduce the cost of data breaches for enterprises.
The survey showed that outsourcing security to a Managed Security Service Provider (MSP) may actually increase the financial impact, particularly if the company uses an under-qualified subcontractor.
“Nearly 23 per cent of companies that use an MSP experienced a financial impact of between $100k-249k, while only 19 per cent businesses with an in-house IT team reported this level of damage,” said the report.
The survey highlighted that more than one-third of organizations (34 per cent) with a DPO that suffered a data breach did not incur any financial loss, compared to only one-fifth (20 per cent) of businesses overall. (IANS)