Cybercrime risk calculator: cost of antivirus vs cost of attack
How much money could your business stand to lose?
Most small business owners know that cyberattacks are a risk, but many underestimate the financial impact that a security breach could have on their business. With every penny spent impacting that essential bottom line, antivirus protection is sometimes seen as an unnecessary expense. But is it?
Use our tool to discover the potential cost of a cyberattack on your business and how this compares to the cost of antivirus.
Answer these questions to get a potential cost of attack tailored to your business:How many staff does your business have?
How many devices (laptops, PCs, etc) does your business have?
Please answer both questions to continue
The threat of cyberattack is real
A study by the Ponemon Institute found that the number of cyberattacks on small and medium businesses are increasing (67% in 2018 compared to 61% in 2017). The most common attacks are: phishing and other social engineering attacks, web-based attacks and general malware. There has also been a large increase in advanced malware and zero day attacks.
So, why – considering that almost all of those surveyed by Ponemon (95%) class anti-malware as an “essential and very important” security technology – is this the case?
The answer is that businesses aren’t protecting themselves. Despite the threats and knowing the importance of security solutions, just 40% of the study’s cohort had software in place to protect against cyberattacks. Most cited budget as one of the reasons for this, an understandable consideration for any business owner, but particularly those with small companies and little cash flow.
Fail to prepare, prepare to fail
Business owners and managers know that being prepared is an essential part of running a successful company. It’s impossible to know exactly what will happen to impact your business over the course of the year. A decrease in costs from your biggest supplier could increase your profit margins. An integral team member going on long-term sick leave could push you into the red.
That said, a sensible business owner will prepare for these events, building contingency into budgets and assessing the possible impact of events on reputation, cash flow, productivity and profit. A data breach or other cybersecurity incident is just one example of the unknowns faced by business owners every day, one that must be considered and prepared for within operational policies. Yes, antivirus costs money. But as you’ll likely discover from our calculator above, you stand to lose a lot more if you don’t have protection in place - the odds are against you.
Taking the time to assess the situation for your own company is paramount. Once you have weighed up the benefits of protection against the costs involved, you can make an informed decision for your company.
The case for investing in antivirus
When cash is low, why fork out on cyber protection? After all, that’s money you could be investing in other areas of your business - training, marketing, research and development. The truth is that your business can’t avoid the inevitable. 67% of small and medium businesses have had a cyberattack. If your business hasn’t had one yet, then data shows that this is not because it's impossible, or even improbable, it’s because you’ve been lucky.
Buying antivirus protection for your business shouldn’t be seen only as a necessity. It’s also good for your bottom line. The Ponemon Institute found that the best performing companies dedicate more budget to data and security (51% compared to 37% across all respondents) and are less likely to fall victim to an attack (56% compared to 67%).
The takeaway here is clear: successful companies are prepared for attacks.
The cost of antivirus
The cost of antivirus can vary greatly depending on the features that you need and the brand that you choose. Antivirus products are available for free online, but the offering is basic - a stripped-back version of the software your business actually needs to be adequately protected.
It’s also best to avoid consumer software for use within your business. While it may offer a (seemingly) similar solution, it won’t include certain features that are essential for businesses. For example, business antivirus usually includes features like network performance scans and backups that are not always present in standard consumer versions.
It’s also worth bearing in mind that consumer antivirus will be more expensive. Business products are priced with bulk-buying in mind - even small businesses have multiple devices - and you can often save further by buying licenses for two or three years, rather than annually. It all depends on the setup of your business and what will work best for you. While protection is important, so is shopping around for the software that best fits your needs.
The cost of cybercrime
According to Accenture Security - in their study of industry-leading businesses - the average cost of cybercrime has increased by 29% in the US (to over $27 million) and 31% in the UK to almost $11.5 million. The report also predicts that the global value at risk from cybercrime from 2019 to 2023 is $5.2 trillion. In short, cybercrime means a big loss for the economy. It also means a big loss for individual businesses.
We know that numbers like these can be so large as to seem meaningless to a small business but, as we’ve already established, the threat is real. Small businesses are not only targeted by cybercriminals, but are less likely to recover from an attack than big multinationals. If you haven’t already, use our calculator above - based on up-to-date research into the real costs of cybercrime - to discover how much your business could lose. Of course, these figures are averages and, if your company is the unlucky victim of an attack, may be lower for you. There is no way to know for sure, which is why we recommend comparing costs and working out what your business can really afford.
Why do cyberattacks cost so much?
When we talk about the ‘cost of cybercrime’, we actually mean the combined cost of multiple expenses, such as:
- Actual loss of cash due to the attack. That is, if your business bank account is compromised and money is siphoned.
- The immediate cost of finding out what has happened and managing the data breach. This may include hiring security consultants or paying a ransom to regain access to your systems.
- Loss of revenue from disruption to work during and after the attack. For example, losing leads or sales while staff spend time recovering lost or stolen information from suppliers or customers.
- Paying staff to work additional hours as the business catches up on time lost.
- Loss of revenue due to reputational damage. Can you guarantee that your clients and customers will stay loyal after a data breach?
When you start to break the costs down like this, even the most conservative estimates can add up to eye-watering amounts. Of course, antivirus isn’t free. And it’s only one element of a comprehensive digital security strategy - more to consider means more time and money. You may find it helpful to download our cyber protection policy template. By setting out the needs of your business, you’ll be in a better position to decide how much resource to dedicate to protecting your business’s digital assets.
Antivirus for your business is not only necessary, but is likely much cheaper than you think - especially when compared to the potential cost of an attack. Our cybercrime cost calculator offers a useful tool for assessing how much risk you can afford to take. See how much your business could lose and ask yourself: could we recover from those kind of losses and is the investment worth the expense?
This is a companion discussion topic for the original entry at https://blog.avast.com/cybercrime-risk-calculator