Each critical IT incident costs organizations a mean of $141,628, a Quocirca/Splunk report states. This adds up, considering the same report says organizations face such incidents five times a month.

On average, organizations experience a critical IT incident five times per month, with each one costing a mean of $141,628, according to a new report, based on a study conducted by research firm Quocirca on behalf of big-data company Splunk.

Of this total amount, IT department costs account for $36,326, while the remaining $105,302 is comprised of downstream costs to the business. Extrapolating these numbers over the course of a full year, these high-severity events would cost close to $8.5 million.

For the purpose of this study, Quocirca surveyed 1,000 senior IT managers in nine countries. Among these respondents, 70 percent said that a past critical incident -- such as a data breach, ransomware infection or distributed denial of service attack -- damaged their organization's reputation. And yet, 96 percent of survey-takers admitted that their organizations are failing to learn from previous incidents, and 80 percent said that their mean time to detect incidents can still be improved.

Based on survey responses, the mean time to repair such critical incidents is 5.81 hours, the report notes.

Of course, not every incident is critical in nature. On average, organizations are experiencing 1,200 IT incidents of varying severity per month.

Another new report, based on a study conducted by Ponemon Research on behalf of Radware, similarly reveals how IT departments can become overwhelmed responding to incidents. Of 600 surveyed CISOs, 45 percent of them revealed that they experienced a data breach in the last year, and 68 percent said they lack confidence that they can keep their corporate information safe. Moreover, only 27 of respondents who specifically work in the healthcare industry said they felt confident they could protect patients' medical records.

The study's primary focus is on web application security, including how it can be impacted by bot-driven web traffic. One in three CISOs surveyed for the study acknowledged that their organizations are unable to differentiate between good bots and bad bots, even though in some cases bots represent more than 75 percent of a company's total web traffic.