Security Risks Equal Business Risks
It should come as no surprise that the number of cyber-attacks continues to rise.
Download a Copy Now
It should come as no surprise that the number of cyber-attacks continues to rise. As noted in Radware’s 2015-2016 Global Application & Network Security Report, more than 90% of respondents reported experiencing attacks in 2015.
But what are the costs of actually “cleaning” up after a cyber-attack?
What are the potential impacts of these assaults on business, and do partners who interact or share networks with a business pose a security threat?
To find out, Radware conducted a survey of more than 200 C-level security executives from the U.S. and United Kingdom.
In the Radware’s Security and the C-Suite: Threats and Opportunities Report executives underscored just how expensive recovering from a cyber-attack is. More than a third of respondents in the U.S. said an attack had cost them more than $1 million, and 5% said they spent more than $10 million. Costs in the U.K. were generally lower, with 63% saying an attack had cost less than £351,245 (or about $500,000), though 6% claimed costs above £7 million.
Figure 1: Estimated Cost of an Attack
Figure 2: Security Threats Are a Board-Level Concern
* This is slightly higher for those in the U.K., compared to those in the U.S.
Given the prevalence and cost of security incidents, it is not surprising that four out of five executives (82%) say that security threats are now a CEO or board-level concern. That’s a notable increase from a 2014 executive survey conducted by Radware, which found that security was a CEO or board-level concern for less than three-quarters of respondents.
The 2016 Executive Report affirmed that partners remain an area of potential weakness. Every partner that interacts with a business or its network should adhere to the same security standards. To their credit, 44% of respondents have been including suppliers and partners in security processes for more than two years and another 33% have begun doing so within the past two years. However, more than one-fifth (22%) are still not addressing suppliers and partners in their processes. When asked what partners and customers are asking related to enhanced security, about two-fifths of executives said “none” or gave no specific answer.
The 2016 Executive Report also confirmed the potential impact of security threats. Executives rated brand reputation, operational loss and revenue loss as the areas of greatest impact. Among the other potential effects cited: productivity loss, impact on share price value, unexpected increases in budget, training/education and hiring requirements, and contract loss. The impacts selected were largely the same among U.S. and U.K. executives, with one exception: business leaders in the U.K. were more likely to mention unexpected contract loss as a top concern.
Figure 3: Impact of Security Threats on Business
Above all, the report confirmed that companies continue to take action—but still have opportunities to do more. In both the U.S. and the U.K., about one-third of executives rate changes in technology, C-level awareness or knowledge/education as critical to effectively thwarting security threats. Process and policy changes are extremely important to almost three in 10 executives, with just one in five pointing to changes in resources as critical to dealing with security threats.
Figure 4: Importance of Changes to Thwart Security Threats