Security firm Kaspersky Lab has warned that cyber attacks against third-party IT services suppliers are costing enterprises 1.3 million a year.
The issues stems from vulnerabilities or poor cyber security in third-parties' infrastructure and the services they provide, which when breached affects both the supplier and their customers.
Security breaches in third-party infrastructure alone cost enterprises around 1.2 million, Kaspersky said.
"Raising IT security budgets is only part of the solution, as the most staggering losses stem from the incidents involving third parties and their cyber-failures," said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.
"While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage.
"This is because of a wider global challenge with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill."
And the situation is potentially set to get more complex as governments across the globe push to introduce new legislation on data regulation and cyber security.
Kaspersky also pointed out that despite cyber security receiving a higher proportion of IT budgets, overall budgets for technology have come down, which could mean that investment in cyber security software and services is actually being reduced.
This can be seen as concerning given the cost of security and data breaches to an enterprise has gone up, according to Kaspersky.
All this suggests that companies investing in security should proceed with caution, making sure the services they procure and use are robust enough to resist and recover from cyber attacks. And they should remember that investment in security services is far less costly than dealing with the consequences of a cyber attack or data breach.
Picture: Bigstock
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
Almost half of US organizations still using Kaspersky, researchers claimNews A ban was introduced due to Kaspersky’s supposed links to the Russian government
-
Enterprises are struggling to fill senior cybersecurity roles — and it's causing staff burnout to skyrocketNews Many senior roles take months to fill, creating cumbersome workloads for mid-level staff and increased burnout
-
Kaspersky to shut down US division ahead of sales ban
News The Russian security company will exit the US and cut staff ahead of a government-imposed sales ban
-
Botnets are being sold on the dark web for as little as $99News More than 20 offers for botnets for hire or sale have been discovered on dark web forums and Telegram channels this year
-
Small businesses face continued security threats as trojan attacks surgeNews Cyber attacks on small businesses are still growing at a steady pace
-
Most passwords take a matter of minutes to crack – here’s how you can create strong, hacker-resistant credentialsNews Passwords are still criminally insecure and can be cracked or guessed by hackers with ease, but what precautions can you take to avoid getting breached?
-
Kaspersky hits back at US software ban, citing political motivations and “theoretical concerns”News Kaspersky said it has “repeatedly demonstrated" its independence from any government interference
-
US poised to ban sales of Kaspersky software – reportsNews Kaspersky has long denied any links to the Russian government
