Many organisations have no clue how much one minute of internet downtime costs them, or haven’t stopped to think about it, says Tom Beinkowski, Director of Product Marketing at Arbor Networks. As a result, they greatly underestimate the impact of one of the most common causes of downtime – DDoS attacks. Almost every organisation now depends on the internet for doing business, and the consequences can be most unpleasant when it’s cut off.
The cost of internet downtime was one of the survey questions addressed to enterprise, government and education organisations in Arbor Networks’ latest Worldwide Infrastructure Security Report. Nearly two-thirds of survey respondents estimate the costs to their organisation above $500 per minute, with 7% indicating more than $10,000 per minute. What’s even more interesting is that a number of respondents elected not to answer this question. Why? They had no idea how much a minute of downtime would cost their organisation.
In short, there’s real money at stake here. Even if an attack just lasts for a few minutes, it will likely cost thousands of dollars if not mitigated. If it lasts longer (or if there are many small attacks), the consequences can be huge. Here are some other data points from the report that will provide a sense of how much these attacks can cost:
- Likelihood of an attack in 2015:DDoS was the most common threat experienced by enterprise, government and education respondents, similar to earlier years. Thirty-four percent of respondents reported that their organisation experienced one or more DDoS attacks over the past 12 months. (The odds have since gone up, as we’ll see momentarily.)
- Time required to mitigate: Fifteen percent of respondents indicated that they can immediately mitigate an attack via an “always-on” tool or service. Congratulations for being proactive – it pays off! However, a full 50% took longer than 15 minutes, with 24% measuring their response time in hours.
- Attack frequency: Over one-quarter of respondents who experienced an attack indicate they suffered more than 10 attacks per month.
Do you know how much damage an attack can do to your business? Sadly, it often takes a significant event for organisations to fully grasp the potential consequences and put measures in place to stop future attacks. There are many business impacts as a direct result of DDoS attacks, which should all be factored into your risk analysis and protection strategy:
- Lost revenue
- Cost of specialised remediation and investigation services
- Regulatory penalties and/or fines
- Emergency PR work because your name is splattered all over the media
- Customer credits
- Lost productivity
- Lost customers
- Extortionpayments
- And on and on…
What are the odds that you could be attacked? Launching a DDoS attack has never been easier and more people are doing it for various reasons, which means the odds of an attack have increased over last year. Those are the findings of a recent Aberdeen Group report, Quantifying the Risks of DDoS Attacks for Network Service Providers and Traditional Enterprises. By examining historical trends and future projections, Aberdeen analysts estimate that 53% of enterprises (and 70% of ISPs) will experience one or more DDoS attacks over the next 12 months, with all the cost and disruption that follow.
Understanding the impact of a DDoS attack on your bottom line, and the odds that it could happen to your organisation, will help you make an effective decision about what countermeasures are appropriate. If you think you can afford a minute of downtime, or an hour, or longer, that’s perfectly fine – but make sure you understand how much that time is truly worth. By comparing the cost of downtime with the cost of DDoS protection, I’m confident you’ll see a fast return on investment.