Preventing Cyberattack Penetration Can Save Enterprises Up To $1.4 Million Per Incident

Ponemon Institute finds that 70% of security professionals believe the ability to effectively prevent cyberattack penetration strengthens their security posture, yet only 24% are focused on optimizing prevention capabilities – the majority focus on detection and containment instead

Today, the Ponemon Institute released its latest report, “The Economic Value of Prevention in the Cybersecurity Lifecycle”. The independent study, sponsored by Deep Instinct, determined for the first time that the economic value of cyberattack prevention – which takes into account the entire cybersecurity lifecycle of detection, containment, remediation, and recovery – ranges from $396,675 to $1,366,365, depending on the nature of the attack.

The study also found that while the overwhelming majority of cybersecurity professionals (70%) felt the ability to prevent attacks from penetrating their networks would improve their cybersecurity posture and reduce the cost of an attack, only a relatively small 21% of budgets is allocated to attack prevention. The remaining 79% of budget allocation goes to detection, containment, recovery and remediation activities.

The study determined that effective adoption of a preventative solution – when compared to the current spending of security departments and the cost of attacks – would result in significant cost reductions and require lower overall investment.

“This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions,” said Dr. Larry Ponemon, the Chairman and Founder of the Ponemon Institute. “Prevention of cyberattacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber breaches, we expect budgets to start allocating increased resources to preventative solutions given the amount of money they save.”

The clear benefit of prevention is reflected by the 67% of respondents who believe the use of automation and advanced AI such as Deep Learning would improve their ability to prevent attacks, and that, despite the current perceived difficulty, they intend to implement these technologies within the next two years.

“What this study shows is that most companies are still operating under a policy of ‘assume breach,’ believing that it is more pragmatic to contain a cyberattack after penetration. This is no longer an economically viable long-term strategy,” said Guy Caspi, CEO and co-founder of Deep Instinct. “The value of prevention is clear – for any type of attack, prevention saves significant time and money. Deep learning-powered cyber solutions, which are uninhibited by the human limitations that define machine learning-driven solutions, are uniquely suited to provide preventative protection for enterprises and drive down the costs of attacks.”

Additional key findings from the report include:

  • With an average budget of $13 million for IT security, 50% of respondents say their organizations are wasting limited budgets on investments that don’t improve their cybersecurity posture, and only 40% believe their budgets are sufficient.
  • Prevention is perceived to be the most difficult stage to achieve in the cybersecurity lifecycle, according to 80% of respondents. The reasons cited are that attacks take too long to identify, insufficient technology, and a lack of in-house expertise.
  • Organizations are more effective at containing cyberattacks. 55% of respondents feel that they can contain attacks after they happen, and this priority leads IT teams to allocate larger portions of their budgets to containment, rather than prevention.

The study surveyed over 600 IT and IT security practitioners who are knowledgeable about their organizations’ cybersecurity technologies and processes. Most of these respondents are responsible for maintaining and implementing security technologies, conducting assessments, leading security teams and testing controls.