We all know that DDoS attacks are capable of causing massive inconvenience, but according to a new survey they can have major financial and data loss implications too.
The study of over 5,000 companies by Kaspersky Lab finds that almost one in three DDoS attacks coincides with a network intrusion.
According to the research, 20 percent of businesses with 50 or more employees have suffered at least one DDoS attack. Furthermore, over a quarter of attacks lead to the loss of sensitive data, an unexpected and damaging consequence of a DDoS attack. Small businesses are most likely to lose data as a result of a DDoS attack -- 31 percent of SMBs reported data loss compared with 22 percent of larger enterprises.
There's a financial cost too. On average, a DDoS attack costs SMBs more than $50K in recovery bills, which is significantly more than the typical costs they face recovering from other types of attack. Larger enterprises spend a lot to recover from a third-party failure or cyber espionage attack, but a typical financial loss for enterprises from a DDoS attack is $417,000, below average compared to recovery from other types of attacks.
Most DDoS attacks only last for a few hours but in that time can cause complete disruption to a service. However, some attacks are even more damaging, nine percent causing a service to go dark for between two days and a week, and seven percent lasting for several weeks or more.
"Businesses have to re-evaluate their perception of a DDoS attack. The report clearly shows that the damage scope from such attacks goes far beyond the temporary downtime of a corporate website", says Evgeny Vigovsky, head of Kaspersky DDoS Protection at Kaspersky Lab. "Companies report total disruption to their operations, and in some cases -- loss of sensitive data. Still, many businesses feel that a mitigation strategy is too complex and expensive to implement. The solution to this is straightforward: vendors have to take technical challenges upon themselves, offering an easy to implement and use solution to clients. This is the approach that we have chosen for the Kaspersky DDoS Protection solution".
The full Corporate IT Security Risks Survey is available to download from the Kaspersky website.
Image Credit: sibgat / Shutterstock