Content, Content

Kaspersky Lab Study: Average Cost of Enterprise DDoS Attack Totals $2M

Credit: Pixabay

Distributed denial-of-service (DDoS) attack costs are increasing globally, according to a survey of more than 5,200 business professionals conducted by antivirus solutions provider Kaspersky Lab and market research firm B2B International.

Key findings from the Kaspersky-B2B "IT Security Risks Survey 2017" included:

  • On average, the cost of a DDoS attack for enterprises was $2 million, and the cost of a DDoS attack for small and medium-sized businesses (SMBs) was $120,000.
  • The financial implications of reacting to a DDoS attack in 2017 was $2.3 million for enterprises, compared to $1.6 million in 2016. Meanwhile, the financial implications of reacting to a DDoS attack last year was $123,000 for SMBs, up from $106,000 in 2016.
  • Among all respondents, 33 percent cited the costs of fighting a DDoS attack and restoring services as the main burden associated with DDoS attacks, and 25 percent said money spent investing in an offline or back-up system while online services are unavailable was the primary burden.
  • 23 percent said a loss of revenue and business opportunities occurred as a direct result of a DDoS attack, and 22 percent listed the loss of reputation among clients and partners as a direct consequence of a DDoS attack.

Organizations must take a proactive approach to identify and address DDoS attacks, Kaspersky Head of DDoS Protection Kirill Ilganaev said in a prepared statement. With specialized security solutions at their disposal, organizations of all sizes may be better equipped than ever before to combat DDoS attacks.

Organizations Looks to MSSPs for DDoS Attack Protection

Many organizations expect MSSPs and other third-parties to provide DDoS attack protection.

Thirty-four percent of survey respondents expect their internet service provider (ISP) to protect them against DDoS attacks, Kaspersky said. Furthermore, 26 percent anticipate their data center or infrastructure partners will safeguard them against DDoS attacks.

Comparatively, 73 percent of IT security professionals noted they expect regulatory pressure to be applied against ISPs that are perceived to be not protecting their customers against DDoS attacks, according to a recent survey conducted by DDoS protection solutions provider Corero Network Security. Yet the survey also showed only 25 percent of respondents believe their ISP is to blame for not mitigating DDoS attacks.

What Does the Future Hold for DDoS Attacks?

DDoS attacks are major problems for organizations around the globe, and the frequency of these attacks appears unlikely to slow down any time soon.

The Kaspersky "DDoS Intelligence Report" for the fourth quarter of 2017 indicated DDoS attacks were launched in 84 countries during the time frame. In addition, SYN DDoS was the most common attack method at this time.

Going forward, MSSPs can offer security services to safeguard organizations against DDoS attacks. MSSPs also can provide security event analytics and reporting and automatic mitigation capabilities to help organizations speed up DDoS attack response and remediation.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.