With all that’s been happening in the cybersecurity industry in 2020, we’re all probably wondering the same thing - what is the damage of cyber attacks going to cost in 2021?
And, more importantly, what is investing in proper cybersecurity technologies going to cost?
While the dilemma “Cost of Cyber Attacks vs. Cost of CyberSecurity” has been a hotly debated one in recent years, we believe that now more than ever, without a shred of doubt, one is the clear winner. And you’ll find exactly who in the remainder of this blog.
Cyber attack costs and statistics in 2020
The increasing scale of threat activity in 2020 was dominated by a number of factors, including:
Better cyber threat technology making cyber criminals more efficient
Growing number of remote workers connected on poorly protected networks
Increased vulnerability in the health and finance sector
Motives for the increased number of attacks we witnessed in 2020 were numerous, including monetary intentions, inflicting reputation damage, political incentives, and so on.
Ultimately, the damage caused by cyber attacks on a global scale in 2020 was devastating, to say at least:
238% rise of attacks in the finance sector
80% of all companies detected a spike in cyber attacks
Cloud-based attacks increased by 630% between January and April 2020
Ransomware attacks increased by 148%
Phishing attempts increased by 600%, according to Purplesec
27% of all attacks targeted either financial institutions or healthcare institutions
All of this culminated in the inevitable rise of the damage inflicted by cyber attacks. In general, the average cost of a cyber attack in 2020 was around $133,000. That is the total average of all types of cyber attacks.
With such lucrative end results for hackers and other malicious actors, it comes as no surprise that cyber crime costs have grown 15% per year annually over the last 5 years.
Cyber crime cost prediction in 2021
2021 is looking to set infamous records in terms of cyber attack costs, as the damage of cyber crime is expected to exceed $6 trillion in 2021, according to Cyber Security Ventures. Which, compared to the $3 trillion in 2015, looks like a scary prediction for every cybersecurity team.
In 2021, it is predicted that a cyber attack will occur every 11 seconds. Which, compared to 2016 when a cyber attack was registered every 40 seconds, it is nearly 4 times the amount of threats SOC teams will have to deal with.
Furthermore, ransomware attacks are going to cost the world somewhere around $20 billion in 2021, which is a whopping 57 times more than the cost of ransomware attacks in 2015 ($325 million).
Cybersecurity predictions in 2021: Investing in a strong SOC is a must
The turbulent threat landscape is giving headaches to every CISOs, but the unaltering reality remains that cybersecurity is going to play a crucially important role in 2021.
Now, one of the main strategies that hackers are going to implement in 2021 is bombarding a targeted organization with false positives. False positives are false attacks whose only purpose is to overwhelm the SOC analysts and waste their time so that the true attack goes by undetected.
So, considering that an organization receives thousands of false positives on a daily basis, the math is quite simple:
According to Infosecurity Magazine, a poll of C-level security executives noted that over 37% of the correspondents stated that they receive over 10,000 alerts every month and that over 52% of those alerts were false positives.
Now, it usually takes a SOC analyst around 10 minutes to assess a false positive. And, the time necessary to assess 52,000 false positives on a yearly basis, would take around 866 hours, or translated into 40-hour workdays, roughly around 21.65 weeks.
It would 5 SOC analysts to analyze all those false positives, and given that the average salary of a SOC analyst is $88,000, their yearly salaries combined would amount to a total of $440,000. And the worst part is they still wouldn’t be able to efficiently tackle every threat.
All in all, it would take $440,000 just to invest in false positives hunting. Not to mention the remediation phase, proactive threat hunting, and constant breach monitoring.
The skill shortage phenomenon in the cybersecurity industry is a direct result of SOC analysts being overworked and overwhelmed with menial, repetitive, and unchallenging tasks.
Naturally, CISOs want to form effective and well-oiled SOC teams that are prepared to intercept threats as they arrive in real-time. And, in order to keep the SOC analysts sharp and satisfied with their job, SOC analysts would have to be replaced with a machine learning, AI-enhanced security technology that is capable of reproducing the same courses of actions as the SOC analyst.
How SOAR can maximize cybersecurity ROI in the years to come
As threats become more sophisticated and numerous, organizations will need to dig into their pockets and invest more in cybersecurity. But there is a difference between investing more and investing smart. And investing smart is particularly important in 2021, as CISOs will want to make every penny count, due to the economic instabilities witnessed in 2020.
In 2021, virtually every organization is going to need a technology that can multiply the ROI of their resources, and in the cybersecurity domain, the best technology that acts in that way is SOAR.
SOAR allows SOCs to get more done with fewer resources and in less time.
By relying on security orchestration and automation, SOAR directly impacts a SOC’s ability to perform better threat hunting, automate repetitive tasks, and successfully eliminate false positives.
Let us demonstrate the sheer power of our Cloud SOAR solution in numbers:
Improves the effectiveness of your SOC team 10x
Enhances your Incident Response Time by 80%
Increases the number of resolves incidents by 300%
Over 500 alerts are triaged in less than 55 seconds each per day
Successfully nullifies false positives
Cloud SOAR allows your SOC analysts to focus on the threats that really matter, as it relies on its machine learning engine to successfully distinguish false positives from false negatives.
This capability provided by Cloud SOAR resolves two major problems at once:
By taking care of false positives, SOCs will be able to relocate their resources in a more productive way
And, it also resolves the skill shortage problem, as it allows SOC analysts to focus on more challenging threats instead of spending their time assessing the flood of false positives.
Not only will investing in a SOAR solution exterminate the false positives/skill shortage problems, but it will make your entire SOC more effective as it allows everyone onboard the SOC team to have better visibility, perform more actions in less time, and also improve their threat hunting capabilities.
Conclusion: Cost of cybersecurity vs. Cost of cyber attacks
In terms of ROI, the cost of cybersecurity compared to the cost of cyber attacks can be much, much smaller. But, that is all dependent on whether or not you invest in smart cybersecurity solutions, like SOAR.
If you don’t bring the powers of progressive automation to the table, the sheer number of false positives will take up most of your SOCs time, and that will only bring you poor results, unhappy SOC analysts, and lots of unassessed cyber threats that may end up breaching your systems.
So, as you can see, the cost of cybersecurity doesn’t have to be hefty, as long as you invest smart and reinforce your SOC team with one of the best SOAR solutions in the market - Cloud SOAR.
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.