A single DDoS attack can cost a company over $1.6 million, though that figure depends to a large extent on how quickly the attack is detected, according to the Corporate IT Security Risks 2016 study conducted by Kaspersky Lab and B2B International.
Companies of various sizes affected by DDoS attacks over the last 12 months were asked what costs they incurred as a result. It turned out the biggest expenses for medium and large companies (20% and 19% respectively) were caused by changes to their credit and insurance ratings, which is hardly surprising considering many DDoS attacks become public knowledge.
For small companies, the largest DDoS-related expenditure item was overtime payments to employees (17%). DDoS attacks are also cited as one of the top five threats that can force companies to hire new employees, with 37% of organizations that fell victim to such attacks planning to significantly increase their IT staff.
Other major DDoS-related costs included PR expenses to restore a company’s reputation (9%), upgrading IT infrastructure and software (10%), staff training (10%) and customer compensation (12%).
This can bring the average cost of a DDoS attack to about $106,000 for smaller companies and more than $1.6 million for enterprises. One important finding from the study was that if an attack is detected in the first 24 hours, the costs can be almost halved compared to an attack detected over a day later.
“A single DDoS attack can disable the online services for long periods of time, damage the company's reputation and deprive it of its current or future customers,” says Alexey Kiselev, Project Manager on the Kaspersky DDoS Protection team.
“There have been incidents where prolonged DDoS attacks have led to the bankruptcy and closure of successful online businesses. Proactive protection allows a company to quickly detect an ongoing DDoS attack and, in the case of a solution like Kaspersky DDoS Protection, to find out as soon as an attack begins thanks to the DDoS Intelligence system, thereby warding off any potential risks.”