Virtualization can double breach recovery costs

Virtualization can double breach recovery costs

While many government agencies are turning to virtualization to lower costs, these savings could disappear with a single security breach.

Enterprises pay an average of more than $800,000 to recover from a cybersecurity breach involving virtual infrastructure, , according to a recent survey by Kaspersky Lab -- an amount that is twice as much recovery from physical infrastructure security breaches.  The number is even higher – closer to $1 million – when indirect costs such as staff training to prevent future attacks are included.

There are a few causes for the cost difference. First is that organizations tend to use virtual infrastructure for their most mission-critical or sensitive data.  That means an attack on the virtual infrastructure is much more likely to result in the temporary loss of important data and an inability to operate core services, the report said.

While 36 percent of physical security breaches lead to a temporary loss of access to business-critical information, that number jumps to 66 percent when the breach affects virtual servers and desktops, the survey found. And with 77 percent of enterprises surveyed using virtualization in some form, the exposure to expensive breaches is substantial.

The second reason involves a lack of understanding about the risks in a virtual environment. According to Kaspersky, many organizations erroneously believe a virtual infrastructure is safer than a physical one (42 percent). Only slightly more than half are fully prepared to deal with a virtual breach, or fully understand the risks. And just 27 percent have installed a security solution for specifically for their virtual operations.

Finally, remediation costs escalate because addressing virtual attacks frequently require third parties, such as IT consultants, lawyers and risk management experts.

“Businesses expect that going virtual will drive down their IT spend and streamline their infrastructure,” said Matvey Voytov, Kaspersky Lab's corporate products group manager. "However, the survey results show us that if there is not enough attention paid to security matters in the virtual environment, expenses may exceed the benefit."

About the Author

Kathleen Hickey is a freelance writer for GCN.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected