A new report has found that mid-market companies — those with 500 to 999 employees — suffer greater losses when hit with a cyberattack than smaller or larger firms.
“White Hat, Black Hat and the Emergence of the Gray Hat: The True Costs of Cybercrime,” published by the internet security company Malwarebytes and market research firm Osterman Research, surveyed 900 security pros — 200 of which worked in the U.S., with 175 each in the U.K., Germany, Australia, and Singapore.
“Organizations of all sizes can expect to spend an enormous amount on cybersecurity-related costs that fall into three basic areas: a) budgeted costs for cybersecurity infrastructure and services, including labor; b) off-budget costs associated with major events like an organization- or function-wide ransomware event; and c) dealing with the costs of insider security breaches,” the researchers wrote.
In addition, an organization of 2,500 employees in the United States can expect to spend nearly $1.9 million per year for cybersecurity-related costs. While the costs are lower in most of the other countries surveyed, the global average exceeds $1.1 million for an organization of that size.
The survey also found that mid-market companies were impacted more harshly than other firms.
“Mid-market companies — those with 500 to 999 employees — face the most difficult challenges from a security perspective: they encounter a higher rate of attack than smaller companies and similar rates of attack as their larger counterparts, but they have fewer employees over which to distribute the cost of the security infrastructure,” according to the report.
Of those surveyed for the report, 73 percent were impacted by a security threat in the past 12 months, with a majority dealing with phishing attacks, followed closely by adware or spyware attacks.
The survey also revealed that industries often face different threats. For example, the healthcare industry was impacted more by ransomware attacks, while government agencies were more likely to be hit by Advanced Persistent Attacks (APTs) from nation-states, and financial service firms were affected largely by Distributed Denial of Service (DDoS) and Trojan attacks.