Incapsula conducted a survey of IT professionals and found the average distributed denial of service (DDoS) attack cost their clients $500,000. The survey focused on mid- and large-size clients (250 – 10,000 employees), so this cost estimate won't apply to IT consultants who work with smaller businesses.
Regardless of how big your client's business is, new research about DDoS attacks paints a surprising picture. Here's a summary of the findings:
- 72 percent of the companies affected by DDoS attacks had fewer than 5,000 employees.
- 66 percent of attacks lasted longer than six hours, which means most companies lose at least one workday.
- 52 percent of attacks required IT departments to repair or replace hardware or software.
- 40 percent of attacks flooded company servers and network infrastructure, while 25 percent targeted specific applications (33 percent did both).
Why should you care about DDoS attacks? We'll examine this issue in more detail below, but for now, you should know that the high cost of DDoS attacks often prompts clients to file a lawsuit against their IT consultant.
Let's take a look at what factors influence the cost of DDoS attacks and how these threats are evolving.
Understanding the Costs of DDoS: More Than Just IT Expenses
While a DDoS attack often costs IT departments time and money, its true impact extends throughout an organization. When asked which area of their company bore the most significant financial costs of a DDoS attack, over 30 percent of survey respondents said IT, but the other common answers might surprise you:
- 23 percent said customer sales suffered the biggest loss.
- 12 percent said their call center had the highest expenses.
- 5 percent said the company's marketing / public relations felt the biggest impact.
Another way of looking at these statistics is to say that 40 percent of the time, a DDoS attack costs a company's sales, customer service, and marketing more than its IT department. A cyber attack damages customer trust, causes data loss, and tarnishes a business's reputation with other businesses.
Is DDoS the New Data Breach?
DDoS attacks aren't new, but they keep evolving as hackers learn new techniques and technology changes.
In its annual report of DDoS attacks, Neustar found that cyber criminals were using DDoS attacks as part of more sophisticated, multi-pronged cyber attacks that also steal data.
Hackers sometimes use a DDoS attack as a "smokescreen," which allows them to pilfer data from a company while also shutting down its servers and overwhelming its IT. More than half of DDoS attacks in 2013 included this style of attack. Cyber criminals stole:
- Customer data.
- Business IP.
- Electronic funds.
To make matters worse, DDoS attacks have gotten stronger and more common. With greater bandwidth available to hackers, 2013 featured an unprecedented number of attacks.
Why You Can Be Sued for a DDoS Attack
After a DDoS attack, a business suffers significant financial losses and other damages that it could look to remedy by suing its IT contractor. As a system admin or IT professional, you can be found liable for problems with the software and solutions you set up for clients. Even if you didn't design the software you use, you're liable for its performance.
In short, a $500,000 DDoS attack could lead to a $500,000 lawsuit filed against an IT contractor. These costly lawsuits are one of the reasons that many IT consultants get technology Errors and Omissions Insurance, which pays for legal expenses when a client alleges you didn't do your job properly.
If you're looking for more information about lawsuit insurance for tech professionals, see our sample E&O Insurance quotes.