Missing security can be very expensive

The number and variety of cyber attacks has increased significantly and continues to grow. The new Cybersecurity Report from Cisco shows how much these security incidents go into money.

IT security is as up-to-date as ever since many companies have already affected been affected by cybercrime in the new year. This year marks the 10th anniversary of the cybersecurity report, analyzing the economic impact of cyber attacks on companies.

The study

3.000 Chief Security Officers (CSOs) and heads of IT security departments from 13 countries were interviewed about security concerns. A third of the affected companies are suffering financially from an attack. As a further consequence, companies regret the loss of customers.


The causes of successful attacks lie mainly in third-party cloud applications. Email is also a high risk. Two-thirds of all emails are spam, and even 10 percent of those are dangerous. The global spam level is higher than it has been in years and continues to rise.

Every attack affects money

The Cybersecurity Report shows that 29 percent of all affected companies complain about significant sales losses. And not only that: Indirect impacts on image and customer satisfaction are also caused by such attacks.


But what are the reasons for such a serious impact of cybercrime? The study shows that companies lack the know-how and time to provide IT security and prevent attacks. Also the poor compatibility of systems and missing specialists are regarded as a hurdle for IT security in the surveyed companies.

Prevent attacks

The findings of the Cybersecurity Report show that companies must act. First, security should be made a critical business priority. Executives must be sensitized to the safety measures and, of course, an increase in the budget is recommended for safety measures. Furthermore, a routine check of the networks, applications, functions and data should be introduced.

Time to Detection

“The metric is crucial for the validation and optimization of existing security processes. ‘Time to Detection’ is a suitable size for evaluating your own performance, also in benchmark with the industry and to improve the interoperability and automation of your own processes.”, says Klaus Lenssen, Chief Security Officer of Cisco Germany.

Source of title image: Evernine