Average Annual Cost Of Responding To Compromises Exceeded US$5 Million: Barracuda Networks

Barracuda Networks has published its Cybernomics 101 report, which examines the financial forces and profit motives behind cyberattacks. The new report reveals the average annual cost of responding to compromises exceeded US$5 million.

The report also raises the alarm over hackers exploring how they can use generative AI (GenAI) technology to increase the volume, sophistication, and effectiveness of their attacks. 50% of respondents believe AI will enable hackers to launch more attacks. The survey also identified that 71% of respondents had experienced a ransomware attack over the last year, and 61% paid the ransom.

Barracuda commissioned independent research firm Ponemon Institute to poll 1,917 IT security practitioners who manage their organisation’s IT security functions or activities. They represent companies with 100 to 5,000 employees across various industries around the globe.

The report offers insight from survey respondents who identified as ethical hackers on the most widely used attack vectors and which of these might offer the greatest return for attackers.

The research identifies the behaviours and proven security measures implemented by ‘High Performers’ that can serve as models for success. The report presents best practices that will help any organisation become more effective in identifying, containing, and recovering from attacks. They include adopting a platform approach to security rather than relying on a collection of disparate individual security tools or solutions, implementing privileged access rights to ensure that sensitive data remains accessible only to authorised individuals, and creating (and regularly rehearsing) a security incident response plan.

“While the Cybernomics 101 research underscores the harsh reality of suffering a data breach, it also underscores that organisations are not powerless,” said Fleming Shi, CTO, Barracuda. “Proactive monitoring and attack detection to prevent progression to more severe stages like data exfiltration or ransomware is key. By preparing for these scenarios today, organisations can significantly reduce the impact and cost of these incidents.”

Key findings at a glance:

  • The average annual cost to respond to cyber compromises is now US$5.34 million
  • 71% of organisations experienced a ransomware attack over the last year, and 61% paid the ransom
  • On average, the largest ransomware payments were for US$1.38 million
  • On average skilled hackers take just 6 hours to exploit a vulnerability while IT teams on average spent 427 hours per year investigating, cleaning, fixing, and documenting successful phishing attacks
  • 62% of respondents believe cyberattacks are becoming more sophisticated
  • Just 39% of organisations believe their security infrastructure is adequately equipped to protect against Gen-AI-powered security threats