Costs Double When Breaches Affect Virtual Infrastructure, Kaspersky Says

cloud_breached

The cost of a security breach could increase up to 130 percent higher when virtualized infrastructure is impacted, according to a new report from Moscow-based cyber security firm Kaspersky Lab.

The 2015 Security of Virtual infrastructure report, available here, is based on a survey of 5,500 companies of all sizes, across over 25 countries.

According to the report, the average cost of an enterprise recovery from an attack on virtual infrastructure is $800k,  double the cost of an attack on physical infrastructure. For small and midsize businesses  (SMBs) the damages can be even worse, Kaspersky’s report found that SMBs reported average damages of $26,000 from breaches to physical infrastructure, but costs increased to nearly $60,000—a 130 percent jump— when virtualized infrastructure was breached.

Cost of Data Breaches: Virtual v. Physical Infrastucture.  Kaspersky Lab

The reason for this increased cost is an increase in the use of virtualized infrastructure for so-called “mission critical” applications and a general lack of understanding when it comes to security in virtualized environments.

Virtualized Infrastructure is More Popular Than Ever

“Going virtual is not a trend anymore, but a business practice,” says the report, which found that 62 percent of respondents claimed that their company was using virtualization in some form. The percentage is even higher amongst large enterprises—some 72 percent of respondents in companies with over 1500 employees reported that their company uses virtualized infrastructure.

Improper Security Increases Cost

Despite the widespread adoption of virtualized infrastructure, many respondents did not take proper care in securing virtualized environments.

Kaspersky Lab found that 34 percent of respondents were not using security services designed for virtualized environments and were not aware of the difference between these specialized services and traditional, on-premise servers. Additionally, the survey found that another 39% were aware of the difference, but still did not use specialized services.

As the costs show, this can be a huge mistake.

“In most cases, traditional security suites do work in virtual environments,” says Kaspersky, but what might be seen as “a small performance penalty” on physical infrastructure can significantly reduce both performance and security, and thus cost benefits, when deployed across virtual machines at scale.

For more information, check out the full report here.

Jeff Edwards
Follow Jeff