Study: Most Companies Have No Idea How Much a Cyber Attack Could Cost Them

Conor Cawley

Cybersecurity risks are everywhere nowadays. From phishing emails to ransomware attacks, there is no telling where your company's next security snafu might come from, particularly with fewer and fewer employees knowing how to spot a red flag. To make matters worse, IT decision-makers don't appear to be taking the matter seriously, as one study has shown that many of them don't even know how much a cyber attack could cost their company.

According to research from Webroot, 78 percent of IT decision-makers at mid-sized businesses (100-499 employees) believe that cyber attacks will cost they're company less than $1 million. To make matters worse, 62 percent believe that it will cost less than $500,000 and 22 percent believe it will cost less than $100,000. So how wrong are they? A lot.

While the math isn't exact and numbers vary across the board, the consensus is pretty clear: it costs a lot more than these people think. According to one study from Hewlett Packard Enterprise, the average annual losses per US company that experiences a cyber attack is $15.4 million in 2016. Another study from IBM estimated the cost at around $3.62 million in 2017. While this data is far from consistent, one thing is clear: it costs a whole lot more than $500,000.

“In addition to traditional cyberattacks like phishing and malware, new tactics like ransomware attacks are making it more lucrative than ever to be a cyber thief,” wrote the authors of the study from Webroot. “This ever-changing threat environment is forcing IT decision-makers to reevaluate their security strategies. How well equipped are SMBs to protect their data? How are they adapting their approaches to keep pace with a barrage of new cyber threats?”

The survey, conducted by Wakefield Research, is pretty damning when it comes to the educational level of IT decision makers. It also showed that most of them are very confident (87 percent) in their knowledge of the effects of cyber attacks, despite their lack of knowledge in regards to how much it might costs. And if you ask me, that'd be the first thing an IT decision-maker would be concerned about when it came to cybersecurity.

This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Conor is the Senior Writer for For the last five years, he’s written about everything from Kickstarter campaigns and budding startups to tech titans and innovative technologies. His extensive background in stand-up comedy made him the perfect person to host tech-centric events like Startup Night at SXSW and the Timmy Awards for Tech in Motion. You can email Conor at

Explore More See all news
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals