DDoS attacks can be extremely disruptive to business but it can be hard to quantify that disruption in financial and business terms.
A new report by security company Incapsula collates responses from 270 North American organizations of varying sizes to gauge the true impact of attacks. The findings indicate that DDoS attacks are relatively common with 45 percent of the respondents indicating their organization has been hit at some point. Of these, almost all (91 percent) reported an attack during the last 12 months, and 70 percent were targeted two or more times.
Larger organizations are more at risk with those having over 5,000 employees most likely to suffer an attack. The attacks tend to be short-lived though with 86 percent reporting a duration of 24 hours or less.
Motives for attacks vary too with respondents pretty evenly split between those who had and hadn’t received a ransom note as part of an attack. 40 percent believe perpetrators were attempting to flood their organization’s network, 25 percent surmised they were trying to cause an outage by targeting specific applications, and 33 percent believe that both were the motivating factors.
In terms of business impact, 49 percent of DDoS attacks last between 6-24 hours so with an estimated cost of $40,000 per hour, the average DDoS cost can be assessed at about $500,000, though some are significantly higher. Costs aren’t limited to the IT department either, they can have a large impact on security and risk management, customer service, and sales.
Among companies that had been targeted, 87 percent experienced non-financial consequences, such as loss of customer trust, loss of intellectual property, and virus/malware infection. 52 percent had to replace hardware or software, 50 percent had a virus or malware installed/activated on their network, and 43 percent experienced loss of consumer trust. Also 33 percent admitted to customer data theft, and 19 percent suffered intellectual property loss.