Symantec recently released the results of a study where IT security pros revealed their companies’ level of security deployment. About 53 percent of the survey participants said that in the case of a cyber-incident, the organization suffered lost productivity and labor costs for the IT staff to resolve issues, revenue loss, lost data and brand damage. Cyber-incidents cost organizations $558,000 in revenue losses, $480,831 in brand damage, $366,301 due to compliance fines, and $174,309 in lost productivity, the survey found.
Symantec surveyed 1,425 professionals working in IT, of which one-third were C-level executives. Each respondent was scored based on their responses to what kind of protections the organization had deployed.
Organizations that employed Data Loss Prevention technologies in addition to Intrusion Prevention/Detection, SIEM and other, more traditional security methods were called “top tier” by the survey. Those that were much less vigilent were call “bottom tier” based on low levels on security deployment. The “top tier” organizations in the survey were 2.5 times less likely to experience a major cyber-attack, and 3.5 times less likely to experience downtime compared to other enterprises, according to Jason Nadeau, director of product management.
Bottom tier organizations suffered 2,765 hours in downtime, compared to the 588 hours suffered by the top-ranked organizations. Those organizations reported 859 hours downtime for mobile devices, 828 hours for desktops and notebooks, 241 hours for servers and 837 hours of “widespread downtime.”
All of this is good ROI calculation data. Consider the costly damages to brand. Attacks where data is lost or compromised are usually the highest profile and most undermine the confidence of customers in the company affected. I think the awareness of these facts are the reason why so many of my customers are considering DLP in their near futures.