Ever since coronavirus forced most people to move their businesses online, there’s been an increase in the number and/or complexity of DDoS attacks. According to a recent report, while the overall number of network-layer attacks had decreased by the end of 2020, long and exhausting attacks are becoming increasingly popular. And as technology advances, so do DDoS attack methods and strategies. They are getting more sophisticated and harder to stop each time.
Consequently, DDoS attacks can cause even more damage and cost their targets more than they ever have. To avoid having to pay a hefty price or potentially losing everything, business owners should beware of them and ensure proper DDoS protection.
Sadly, nobody can quantify the real cost of a DDoS attack, as reputation damage is nearly impossible to operationalize and measure. That’s probably one of many reasons why there hasn’t been too much research on the topic. Still, in this article, we will present you with some estimates to help you get the big picture.
A 2017 study from Kaspersky shows that the average cost of a DDoS attack for small to medium businesses is around $120K. In addition, large enterprises could end up paying over $2M for an attack. Last year, these figures were slightly lower, around $100K for SMBs and $1.6M for enterprises. Also, we have recent evidence of DDoS attacks becoming more sophisticated and tenacious. Thus, we can expect the average sum to be much higher today in 2021.
Ransom and extortion-based DDoS attacks have been on the rise for a while now. Therefore, aside from the actual cost of dealing with the consequences, many companies or clients end up paying hackers a large sum just to prevent or stop the attack. What’s more, even after paying, nobody guarantees that the hackers will deliver on their promise.
Nonetheless, in the same 2017 survey from Kaspersky, 33% of respondents claimed that fighting the attack came as their biggest financial burden. Other respondents, 25% of them to be more exact, stated that the largest expense was actually going offline.
After all, upon detecting an attack, companies go into panic mode. As most people aren’t prepared for such an incident, most are confused and looking to others, who are more competent, for help. Naturally, that also means that there’s an abundance of phone calls — to concerned customers, the IT staff, etc.
Speaking of IT, that’s another cost that businesses need to account for. Obviously, each member of the IT crisis team will need to be compensated for their work. Typically, such a team consists of four or more members.
Usually, it takes hours just to identify that the DDoS attack is causing issues. Then, it takes many more hours to combat it and regain control of your server. Finally, the targeted businesses will also typically spend months trying to repair the damage. And unfortunately, as business owners will know, time equals money. Each hour lost certainly packs a punch to the wallet.
According to a 2018 report, the more attacks the company has seen, the longer the average downtime. Still, 36% of companies with 5 or more attacks experience an average of 7–12 hours of downtime. This number is concerning, especially when you take into account the average cost of downtime for businesses. Some studies predict this number to be around $300K per hour, while others place it somewhere between $140K and $540K per hour of downtime.
When a business relies heavily on its website, without having a backup plan, it suffers tremendously in case of a DDoS attack. For one, it loses all of its potential buyers and sales. Secondly, no matter if the company sells physical products or services, the customers’ orders will inevitably be late.
If hackers can get into a device in order to join it to a large botnet, they can just as easily steal your precious data when your security solution is weak. Therefore, businesses that work with confidential client information need to be the best prepared for situations like these. They should invest in complex multi-layer security solutions, without scrimping. After all, not doing so could cost them their existence.
IBM’s Cost of a Data Breach Report 2020 says that the global average cost of a data breach is $3.86M. The U.S. average is the highest in the world, at a whopping $8.64M. In addition, healthcare has the highest industry average — $7.13M.
Brand Reputation Damage
Reputation damage is probably the most impactful consequence of a DDoS attack. Yet, it can’t even be measured. As if that wasn’t enough, it’s also the hardest and slowest to repair.
The 2017 Kaspersky report we mentioned earlier shows that 23% of respondents claimed loss of revenue and opportunities were direct repercussions of the DDoS attack. However, 22% said it affected them directly by harming their reputation and the relationship with their clients and partners.
Although all of the costs listed above are only rough estimates, they are shocking enough to convince any reasonable person to invest more in the cybersecurity of their business. After all, the alternative is paying ten times as much later on, when a DDoS attack occurs. There is no such thing as a free lunch!