The average cost associated with a DDoS attack is assessed in the survey at approximately $500,000.
The average cost associated with a DDoS attack is assessed in the survey at approximately $500,000.

The average distributed denial-of-service (DDoS) attack costs a business roughly $40,000 per hour, according to an Incapsula survey. Since 49 percent of incidents last between six and 24 hours – 86 percent of respondents reported that an average attack lasts 24 hours or less – the average cost associated with a DDoS attack is assessed in the survey at approximately $500,000. 

To learn how DDoS attacks impact businesses, Incapsula surveyed 270 North American organizations – 80 percent of which are headquartered in the U.S. – that have anywhere from 250 to 10,000 employees.

Igal Zeifman, product evangelist and researcher at Incapsula, told SCMagazine.com in a Thursday email correspondence that companies stand to lose some or all of their revenue per hour when hit by a DDoS attack. As an example, Zeifman noted that $1 billion in annual revenue amounts to $114,155 per hour, so “every hour a large business operates is worth a lot of money.” And the cost of DDoS attacks goes beyond lost revenue. Organizations that are victims of DDoS attacks incur costs from loss of customers, brand damage, legal fees, and wasted staff time, he added.

In the survey, 52 percent of respondents said they had to replace hardware or software, 50 percent had a virus or malware installed or activated on their network, 43 percent experienced loss of consumer trust, 33 percent acknowledged customer data theft, and 19 percent suffered intellectual property loss – 60 percent reported having two or more of these consequences.

Within the company, 35 percent of those surveyed indicated that IT takes the largest financial hit, but 23 percent named sales, 22 percent named security and risk management, and 12 percent named customer services.

“Sales is hit with responding to angry customers who may leave, or threaten to leave, the business they had contracts with, for example a SaaS vendor or hosting provider with a service level agreement,” Zeifman said. “Sales may also miss its number, for example an online retailer knocked offline on Cyber Monday.”

Additionally, five percent named marketing and public relations, and two percent named legal.

“Marketing often has to communicate with customers and repair their reputation with customers and the market,” Zeifman said. “Legal is involved in negotiations over SLA violation, potential lawsuits, and potentially with regulatory filings in the financial services industry.”