Study: Most Companies Have No Idea How Much a Cyber Attack Could Cost Them

Cybersecurity risks are everywhere nowadays. From phishing emails to ransomware attacks, there is no telling where your company’s next security snafu might come from, particularly with fewer and fewer employees knowing how to spot a red flag. To make matters worse, IT decision-makers don’t appear to be taking the matter seriously, as one study has shown that many of them don’t even know how much a cyber attack could cost their company.

According to research from Webroot, 78 percent of IT decision-makers at mid-sized businesses (100-499 employees) believe that cyber attacks will cost they’re company less than $1 million. To make matters worse, 62 percent believe that it will cost less than $500,000 and 22 percent believe it will cost less than $100,000. So how wrong are they? A lot.

While the math isn’t exact and numbers vary across the board, the consensus is pretty clear: it costs a lot more than these people think. According to one study from Hewlett Packard Enterprise, the average annual losses per US company that experiences a cyber attack is $15.4 million in 2016. Another study from IBM estimated the cost at around $3.62 million in 2017. While this data is far from consistent, one thing is clear: it costs a whole lot more than $500,000.

“In addition to traditional cyberattacks like phishing and malware, new tactics like ransomware attacks are making it more lucrative than ever to be a cyber thief,” wrote the authors of the study from Webroot. “This ever-changing threat environment is forcing IT decision-makers to reevaluate their security strategies. How well equipped are SMBs to protect their data? How are they adapting their approaches to keep pace with a barrage of new cyber threats?”

The survey, conducted by Wakefield Research, is pretty damning when it comes to the educational level of IT decision makers. It also showed that most of them are very confident (87 percent) in their knowledge of the effects of cyber attacks, despite their lack of knowledge in regards to how much it might costs. And if you ask me, that’d be the first thing an IT decision-maker would be concerned about when it came to cybersecurity.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Conor is the Lead Writer for For the last six years, he’s covered everything from tech news and product reviews to digital marketing trends and business tech innovations. He's written guest posts for the likes of Forbes, Chase, WeWork, and many others, covering tech trends, business resources, and everything in between. He's also participated in events for SXSW, Tech in Motion, and General Assembly, to name a few. He also cannot pronounce the word "colloquially" correctly. You can email Conor at
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals