Average Cyberattack Cost Tops $1 Million: What It Means for MSPs

Written by Allison Francis
February 1, 2019

A staggering one in three respondents don't have a cybersecurity emergency-response plan in place.

It’s now more costly than ever to be without adequate cyber protection. A new report by Radware shows that the average cost of a cyberattack now exceeds $1 million.

$1 million.

This is a rather high price tag, for small business and enterprise organizations alike, and the impact goes deeper than money. The level of attacks and the outrageous accompanying cost make it extremely difficult for businesses to recover.

Radware’s 2018-2019 Global Application and Network Security Report notes that the top impact of cyberattacks is operational/productivity loss (54 percent), with negative customer experience (43 percent) coming in close on its heels. What’s more, 45 percent of those surveyed said the goal of the attacks they suffered was service disruption. Thirty-five percent said the goal was data theft.

“While threat actors only have to be successful once, organizations must be successful in their attack mitigation 100 percent of the time,” said Anna Convery-Pelletier, chief marketing officer for Radware. “A cyberattack resulting in service disruption or a breach can have devastating business impacts. In either case, you are left with an erosion of trust between a brand and its constituency.”

It’s a vicious cycle. As the number of organizations under attack rises, so does the cost of attack mitigation. Most organizations can say they’ve have experienced some sort of attack within the course of a year, with only 7 percent of respondents claiming not to have experienced an attack at all. Twenty-one percent reported daily attacks, which is a significant hike from 13 percent in 2018.

It’s not just the frequency of attacks either; they’re becoming more ferocious and effective. More than three in four (78 percent) respondents hit by a cyberattack experienced service degradation — or worse, a complete outage.

Even with these rising numbers, a staggering one in three (34 percent) respondents don’t have a cybersecurity emergency-response plan in place.

It’s easy and even a bit cliché at this point to say that organizations must be primed and ready to be successful in their attack defense. Of course they should be. But the twist for MSPs is that they have to be right all of the time, for each customer network. So what’s the answer?

OneAffiniti, the channel partner-marketing company, recently surveyed small to medium-size businesses in the U.S., asking for their use of certain technologies now and within the next 12 months. Advanced security was the No. 1 priority for businesses investing within that time frame. It suggests that cybersecurity is a constant struggle for most businesses, and that the need to invest in newer, more advanced and (hopefully) more effective systems is effectively endless.

OneAffiniti’s Chris Jowsey

“The nature of IT security is changing, from a technology-only play to a more holistic approach, incorporating business processes and staff,” said OneAffiniti CMO Chris Jowsey. “The challenge for partners then is being able to offer both the technical support and business/people process changes required to successfully mitigate attacks.”

Needless to say, this puts MSPs under an unbelievable amount of pressure. When you have customers asking the tough questions like, “How are you going to ensure this doesn’t happen to me?” how do you answer confidently?

“The issue of security is that …