Cybersecurity risks are everywhere nowadays. From phishing emails to ransomware attacks, there is no telling where your company's next security snafu might come from, particularly with fewer and fewer employees knowing how to spot a red flag. To make matters worse, IT decision-makers don't appear to be taking the matter seriously, as one study has shown that many of them don't even know how much a cyber attack could cost their company.
According to research from Webroot, 78 percent of IT decision-makers at mid-sized businesses (100-499 employees) believe that cyber attacks will cost they're company less than $1 million. To make matters worse, 62 percent believe that it will cost less than $500,000 and 22 percent believe it will cost less than $100,000. So how wrong are they? A lot.
While the math isn't exact and numbers vary across the board, the consensus is pretty clear: it costs a lot more than these people think. According to one study from Hewlett Packard Enterprise, the average annual losses per US company that experiences a cyber attack is $15.4 million in 2016. Another study from IBM estimated the cost at around $3.62 million in 2017. While this data is far from consistent, one thing is clear: it costs a whole lot more than $500,000.
“In addition to traditional cyberattacks like phishing and malware, new tactics like ransomware attacks are making it more lucrative than ever to be a cyber thief,” wrote the authors of the study from Webroot. “This ever-changing threat environment is forcing IT decision-makers to reevaluate their security strategies. How well equipped are SMBs to protect their data? How are they adapting their approaches to keep pace with a barrage of new cyber threats?”
The survey, conducted by Wakefield Research, is pretty damning when it comes to the educational level of IT decision makers. It also showed that most of them are very confident (87 percent) in their knowledge of the effects of cyber attacks, despite their lack of knowledge in regards to how much it might costs. And if you ask me, that'd be the first thing an IT decision-maker would be concerned about when it came to cybersecurity.