The cost of a data breach or malware infection extends well beyond the dollars spent on responding and addressing security issues — productivity takes a big hit as enterprises and consumers spend countless hours dealing with the threats, according to a joint study from IDC and the National University of Singapore (NUS).
While researchers predicted that enterprises around the globe will spend around $500 billion in 2014 on making fixes and recovering from data breaches and malware, consumers worldwide will likely spend $25 billion as a result of those security threats.They'll also waste 1.2 billion hours dealing with their after-effects, according to “The Link Between Pirated Software and Cybersecurity Breaches,” which surveyed 951 consumers as well as 450 CIOs and IT managers. The study was released by Microsoft as part of its global Play It Safe campaign.
While organizations believe that criminals will account for the lion's share — two-thirds, or $315 billion — of potential losses in the coming year, employees are the culprits in installing 20 percent of pirated software that give them ingress.
The study noted that consumers and enterprises have a 33 percent chance of finding malware when they install pirated software or purchase a PC with pirated software installed. In fact, in conducting forensic analysis on 203 PCs purchased in 11 countries and with pirated software installed, researchers at NUS discovered that 61 percent of the computers were infected with malware.
When asked to rank their biggest fears regarding security threats, 60 percent of consumers named loss of data or personal information and 51 percent identified unauthorized access or online fraud in their top three. Ironically, though, that fear doesn't drive consumers to better protect themselves — 43 percent reported that they don't routinely install security updates.
Of greater alarm, 75 percent of CIOs claimed software installed by employees created problems and 71 percent of CIOs and IT managers said their organizations had programs to audit software on end-user computers. But only 39 percent conducted such audits less than once a year, meaning that more than half of those PCs don't get audited effectively.