The Business Impact of Cybersecurity (Part Two)
In the second of a two-part series, we outline the cost benefits of protecting against DDoS attacks.
In the first article of this two-part series, we looked at one of the most prolific types of cyberattacks launched by adversaries: distributed denial of service (DDoS) attacks. In just the last six months of 2021, there were more than 9.7 million DDoS attacks—and they’re increasing in number every day.
But chances are you’re well aware of the devastating impact DDoS attacks can have on an organization. So instead of simply throwing frightening statistics at you, we wanted to deeply explore and explain the benefits and key challenges that organizations face when considering dedicated DDoS protection.
Therefore, we commissioned a Total Economic Impact™ (TEI) study from Forrester Consulting. Forrester compiled data from interviews with IT and security decision-makers with four companies in North America and Europe that have implemented NETSCOUT Omnis Arbor Edge Defense (AED). Omnis AED uses stateless packet-processing technology and contextual threat intelligence to automatically detect and stop inbound DDoS attacks.
Using the data gathered from the four organizations, Forrester created a composite organization to better explain the cost-benefit analysis involved when considering NETSCOUT’s DDoS protection. In this article, we use findings from the Forrester TEI study to delve into the potential financial benefits—both quantified and unquantified—for companies that utilize Omnis AED for DDoS protection.
It’s no surprise that organizations often want to skip right to the financial implications of things like dedicated DDoS protection. Facing steep inflation, massive disruptions in supply chains and the looming threat of recession, that’s completely understandable. So let’s start with the quantifiable benefits of dedicated DDoS protection.
As do many organizations, the four used in the study utilized limited threat protection before switching to Omnis AED. This includes things like basic firewalls and routers. For its analysis, Forrester assumed that the composite organization would experience five significant DDoS attacks annually with the potential of taking down critical servers and data centers. The average business loss for each attack was placed at $500,000, including lost revenue caused when customers and employees were unable to access essential services and key applications.
Likewise, Forrester took into account risk factors that might skew the total, including greater or fewer DDoS attacks and increased or decreased business losses from those attacks. The final analysis of the research shows that by using Omnis AED, the composite organization saved $4.7 million over three years, solely from improved DDoS protection.
The research also looked at the financial implications for network engineers and security analysts, who said that prior to using Omnis AED, they spent hours conducting network and traffic analysis to troubleshoot and create valuable data reports. Following the implementation of Omnis AED, analysts gained efficiency for troubleshooting application failures and creating reports through improved traffic data visibility—all of which was estimated to save $230,500 over three years.
Likewise, the study estimated that each security engineer was able to save 144 hours per year through improvements in the time it takes them to detect and respond to DDoS attacks. Because Omnis AED automatically mitigates DDoS attacks, it reduces the burden on security engineers to investigate, validate and respond to attacks. These time savings can then be used to work on other high-priority tasks and projects, the monetary value of which Forrester estimates to be $83,700 over three years.
Overall, Forrester determined that by utilizing Omnis AED, the composite organization gained almost $3.4 million (present value) in benefits over three years—for a return on investment of 201%. In addition, the study estimates that payback was achieved in seven months through a combination of improved DDoS protection, increased operational user productivity and reduction in time to respond to and mitigate DDoS attacks.
Obviously, it’s not always easy to place a monetary value on benefits an organization receives by implementing improvements in technology. Nevertheless, the study shows a number of unquantifiable benefits that interviewed decision-makers attributed to Omnis AED, including:
- Improved application uptime through automated traffic filtering: By monitoring every packet of both inbound and outbound traffic and automatically filtering that traffic, organizations can use connected threat intelligence feeds to block new threats. Similarly, organizations gain improvements in both application uptime and security posture.
- Improved compliance and governance: Compliance teams can highlight DDoS protection when Omnis AED is a part of security protocols. So, for instance, auditors who assess an organization’s cyber programs can easily see the controls in place. Moreover, organizations see overall improvements in compliance because of better network control.
- Improved peace of mind and brand reputation: Every organization in the world is familiar with the massive impact that a DDoS attack can have, especially when companies are forced to pay huge ransoms when hit with DDoS extortion attacks. But attacks can also have a devastating impact on an organization’s reputation, as customers, employees and other stakeholders lose confidence their data is being protected as it should be. Omnis AED gives organizations security protocols and solid protection against these attacks—something that provides peace of mind, while also strengthening brand reputation.
While the findings of the study might not provide you with an apples-to-apples example of how your company could benefit from dedicated DDoS protection, it certainly will enable you to better understand the potential impact it could have. There’s no question that attackers continue to improve their methods for getting at the most valuable resources of all organizations. Understanding the hard and soft benefits of dedicated DDoS protection is an important step to protecting against those attacks.