A Cyber Attack Costs Average $10.3 Million, Too Big for SMEs

$10.3 million is a lot of money for a medium-size enterprise, especially for an Asia-Pacific firm. Unfortunately, according to Frost & Sullivan survey, that same amount is only the average cost of damage that needs to be absorbed by the victim company at the wake of the cyber attack. If left unsustainable, that alone may make the company cease its business operations for failure of recovering from the loses both in operating funds and possible unrecoverable brand damage.

The Microsoft-commissioned survey titled: ‘Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World’, exposes the information relevant to the Enterprises operating in the Asia-Pacific business space. The survey conducted with 1,300 participating companies leaders and IT heads.

“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimize operations, they take on new risks. With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation-as is evident from high-profile breaches this year.” emphasized Keshhav Dhakad, Microsoft India’s Corporate External and Legal Affairs Assistant General Counsel.

Most of the time, when a firm becomes a victim of a cyber attack the cost being computed is the immediate and direct financial loses, mostly coming from unexpected downtime of systems. However, the bigger problem beyond that is the damaged reputation of the brand, the product and the services offered by the firm to its loyal customers. The relationship with suppliers is also hurt in the process, as doubts surrounding data-integrity, availability and accessibility start to become questionable.

“Although the direct losses from cybersecurity breaches are mostly visible, they are but just the tip of the iceberg. There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organizations suffering from cybersecurity attacks can be often underestimated,” explained Benoy CS, Frost & Sullivan’s Director & Business Head Unit.

Cybersecurity spending increase is needed in order to bring about change in an organization to make it more resistant from vulnerabilities. Asia-Pacific region is exposed to cyber attacks more year-after-year, as Europe and North America are considered saturated for the cybercriminal community. A focus on controls, finding and fixing gaps between current and desired cybersecurity posture, dominates. There is much less focus on the actual results of cybersecurity efforts, such as examining costs and the effectiveness of controls. This may be due to the widespread use of frameworks which promotes the use of process measures. With very few exceptions, senior management understood the importance of cybersecurity efforts. This led to support not only at the senior management level, but in many cases at the board level as well. When asked what has made senior management so supportive the most common reason given was recent widely, publicized breaches.

“The ever-changing threat environment is challenging, but there are ways to be more effective using the right blend of modern technology, strategy and expertise. Microsoft is empowering business to take advantage of digital transformation by enabling them to embrace the technology that’s available to them, through its secure platform of products and services, combined with unique intelligence and broad industry partnerships,” concluded Dhakad.