The Business Impact of Cybersecurity (Part One)
In the first of a two-part series, we examine the financial implications of protecting against DDoS attacks.
The cost of global cyberattacks is expected to grow by 15% per year over the next five years, driven in part by the increased frequency of DDoS attacks in recent years. In the first half of 2022 alone, Netscout’s ATLAS Security Engineering Research Team (ASERT) reports an average of more than 11 attacks occurred every minute.
While those figures are certainly eye-catching, what do they actually mean for companies that are attacked? To answer those questions, we commissioned Forrester Consulting to develop a Total Economic Impact™ (TEI) study to help companies better understand both the quantified and unquantified benefits of Omnis Arbor Edge Defense (AED). Likewise, the study can help key business stakeholders better illustrate and justify the tangible value of Omnis AED.
The largest benefit quantified in the study assesses the financial implications of mitigating distributed denial of service (DDoS) attacks, which target a product or service with the goal of disrupting normal traffic by overwhelming the target system or resource with a flood of internet traffic. In fact, in just the last six months of 2021, there were more than 4.6 million DDoS attacks—and that figure is expected to continue growing.
To better understand the benefits, costs and risks of NETSCOUT’s dedicated DDoS protection, Forrester compiled data and interviews with IT and security decision-makers from four companies in North America and Europe that represent four different verticals: IT services, investment management, logistics and government. All of these companies have implemented NETSCOUT Arbor Edge Defense (AED), which uses stateless packet-processing technology and contextual threat intelligence to automatically detect and stop inbound DDoS attacks and other cyberthreats.
Data from these interviews was used by Forrester to develop a return on investment (ROI) analysis for a hypothetical composite organization: a global financial services firm with $35 billion of revenue and 250,000 employees. Forrester assumed such a company would—without NETSCOUT Omnis AED—have five significant DDoS attacks annually that would take down critical servers and data centers, resulting in an average of $500,000 business loss per attack.
The IT and security decision-makers interviewed for this research discussed two primary challenges faced when attempting to combat DDoS attacks:
- DDoS attacks are increasing in both volume and complexity: As discussed above, threat actors continue to ramp up the volume of DDoS attacks they’re launching against companies around the world. In the Forrester study, the director of global information technology at the IT services firm says the number of DDoS attacks on his company’s internet perimeter were “increasing day by day.”
- In addition to adding stress to already-overloaded IT and security teams, these attacks also take down key server operations and limit service accessibility. As a result, the Forrester study concludes, companies need a solution that takes proactive measures to automatically detect and mitigate DDoS attacks.
- Manual legacy security protocols provide limited protection: The four decision-makers revealed that prior to implementing Omnis AED, their security teams had been using basic tools like firewalls and processes to manage cyberattacks—none of which specifically protected against DDoS attacks. Moreover, the legacy solutions required teams to spend critical time on analysis and data correlation, prolonging timelines to detect and respond to attacks.
- The result, according to the global head of information security at an investment management firm, provided limited visibility and incomplete protection from DDoS attacks. The global head of information security at the investment management firm says the team’s time-consuming process of creating threshold limits on firewall events resulted in limited visibility and incomplete protection from DDoS attacks. Beyond that, the team had no “built-in protections when it came to DDoS attacks.”
Financial Implications of a DDoS Attack
Moreover, the interviewees discussed the financial implications their companies faced from a successful DDoS attack. The director of global information technology at an IT services firm says a DDoS attack could mean eight hours of downtime for their servers. With 100,000 users unable to access applications for work, the result would be an 80% reduction in employee productivity.
Likewise, the manager of cyberdefense center engineering for the logistics company says a potential DDoS attack would affect critical applications and estimated losses would be as much as €1,000 per hour.
But what are the potential benefits—both quantified and unquantified—for companies that utilize Omnis AED for DDoS protection?
Be sure to check out the second article in this two-part series next month to see how Forrester determined that by utilizing Omnis AED, its composite organization experienced overall cost benefits of more than $5 million over three years—at an ROI of 201%—including improved DDoS protection, increased operational user productivity and improved time to respond to and mitigate DDoS attacks.