Cost of cyber attacks vs. cost of cybersecurity in 2021

With all that’s been happening in the cybersecurity industry in 2020, we’re all probably wondering the same thing - what is the damage of cyber attacks going to cost in 2021?

And, more importantly, what is investing in proper cybersecurity technologies going to cost?

While the dilemma “Cost of Cyber Attacks vs. Cost of CyberSecurity” has been a hotly debated one in recent years, we believe that now more than ever, without a shred of doubt, one is the clear winner. And you’ll find exactly who in the remainder of this blog.

Cyber attack costs and statistics in 2020

The increasing scale of threat activity in 2020 was dominated by a number of factors, including:

• Better cyber threat technology making cyber criminals more efficient

• Growing number of remote workers connected on poorly protected networks

• Increased vulnerability in the health and finance sector

Motives for the increased number of attacks we witnessed in 2020 were numerous, including monetary intentions, inflicting reputation damage, political incentives, and so on.

Ultimately, the damage caused by cyber attacks on a global scale in 2020 was devastating, to say at least:

• 238% rise of attacks in the finance sector

• 80% of all companies detected a spike in cyber attacks

• Cloud-based attacks increased by 630% between January and April 2020

• Ransomware attacks increased by 148%

• Phishing attempts increased by 600%, according to Purplesec

• 27% of all attacks targeted either financial institutions or healthcare institutions

All of this culminated in the inevitable rise of the damage inflicted by cyber attacks. In general, the average cost of a cyber attack in 2020 was around $133,000. That is the total average of all types of cyber attacks.

With such lucrative end results for hackers and other malicious actors, it comes as no surprise that cyber crime costs have grown 15% per year annually over the last 5 years.

Cyber crime cost prediction in 2021

2021 is looking to set infamous records in terms of cyber attack costs, as the damage of cyber crime is expected to exceed $6 trillion in 2021, according to Cyber Security Ventures. Which, compared to the $3 trillion in 2015, looks like a scary prediction for every cybersecurity team.

In 2021, it is predicted that a cyber attack will occur every 11 seconds. Which compared to 2016, when a cyber attack was registered every 40 seconds, it is nearly four times the amount of threats SOC teams will have to deal with.

Furthermore, ransomware attacks will cost the world around $20 billion in 2021, which is a whopping 57 times more than ransomware attacks in 2015 ($325 million).

Cybersecurity predictions in 2021: Investing in a strong SOC is a must

The turbulent threat landscape is giving headaches to every CISO, but the reality remains that cybersecurity will play a crucially important role in 2021.

One of the main strategies hackers will implement in 2021 is bombarding a targeted organization with false positives. False positives are false attacks whose only purpose is to overwhelm the SOC analysts and waste their time so the true attack goes undetected.

So, considering that an organization receives thousands of false positives daily, the math is quite simple:

• According to Infosecurity Magazine, a poll of C-level security executives noted that over 37% of the correspondents received over 10,000 alerts every month and that over 52% were false positives.

• Now, it usually takes a SOC analyst around 10 minutes to assess a false positive. And, the time necessary to assess 52,000 false positives yearly would take around 866 hours, or translated into 40-hour workdays, roughly around 21.65 weeks.

• It would 5 SOC analysts to analyze all those false positives, and given that the average salary of a SOC analyst is $88,000, their yearly salaries combined would total $440,000. And the worst part is they still couldn’t efficiently tackle every threat.

• All in all, it would take $440,000 to invest in false positives hunting. Not to mention the remediation phase, proactive threat hunting, and constant breach monitoring.

The skill shortage phenomenon in the cybersecurity industry directly results from SOC analysts being overworked and overwhelmed with menial, repetitive, and unchallenging tasks.

Naturally, CISOs want to form effective and well-oiled SOC teams prepared to intercept threats as they arrive in real-time. And, to keep the SOC analysts sharp and satisfied with their job, SOC analysts would have to be replaced with a machine learning, AI-enhanced security technology capable of reproducing the same courses of action as the SOC analyst.

How SOAR can maximize cybersecurity ROI in the years to come

As threats become more sophisticated and numerous, organizations must dig into their pockets and invest more in cybersecurity. But there is a difference between investing more and investing more. And investing smart is particularly important in 2021, as CISOs will want to make every penny count, due to the economic instabilities witnessed in 2020.

In 2021, virtually every organization will need a technology that can multiply the ROI of their resources, and in the cybersecurity domain, the best technology that acts in that way is SOAR.

SOAR allows SOCs to get more done with fewer resources and in less time.

By relying on security orchestration and automation, SOAR directly impacts a SOC’s ability to perform better threat hunting, automate repetitive tasks, and successfully eliminate false positives.

Let us demonstrate the sheer power of our Cloud SOAR solution in numbers:

• Improves the effectiveness of your SOC team 10x

• Enhances your Incident Response Time by 80%

• Increases the number of resolved incidents by 300%

• Over 500 alerts are triaged in less than 55 seconds each per day

• Successfully nullifies false positives

Cloud SOAR allows your SOC analysts to focus on the threats that matter, as it relies on its machine learning engine to distinguish false positives from false negatives successfully.

This capability provided by Cloud SOAR resolves two major problems at once:

• By taking care of false positives, SOCs will be able to relocate their resources in a more productive way

• It also resolves the skill shortage problem, as it allows SOC analysts to focus on more challenging threats instead of spending their time assessing the flood of false positives.

Not only will investing in a SOAR solution exterminate the false positives/skill shortage problems, but it will make your entire SOC more effective as it allows everyone onboard the SOC team to have better visibility, perform more actions in less time, and also improve their threat hunting capabilities.

Conclusion: Cost of cybersecurity vs. Cost of cyber attacks

In terms of ROI, the cost of cybersecurity compared to the cost of cyber attacks can be much smaller. But that depends on whether you invest in smart cybersecurity solutions, like SIEM.

Learn about Sumo Logic's Cloud SIEM solution.