Why cyber attacks are getting quicker and costlier

US IT sector jobs growth graph showing downward trajectory
(Image credit: Getty Images)

The average cost incurred by firms that fell victim to a cyber attack increased in 2023, new research shows, as hackers increasingly waged more frequent, highly targeted attacks.

The Cybernomics 101 report published by IT security specialists Barracuda Networks surveyed 1,917 IT security professionals about changes in the threat landscape over the previous year, and how their business is adapting.

The research found the average cost of responding to compromises exceeded $5 million for the first time in 2023. 

The report also found the average cost of an attack in terms of the damage it caused to IT assets, as well as added expenditures on forensic investigations, incident response activities, help desk, and customer service operations, was $2.98 million.

Moreover, forced system downtime and availability problems due to cyber attacks cost companies an average of $2.36 million in terms of revenue losses over the course of the year.

On average, the highest amount paid out for a ransomware attack in 2023  was $1.38 million, which, when considered in combination with the costs outlined above, would prove crippling to many smaller enterprises.

Time is money – rapid attacks and glacial response times

In addition to a cyber incident’s direct financial impact on an organization, the time spent recovering from these attacks is also an important factor when assessing their costs to businesses. 

According to the report, on average, it takes a technically proficient hacker approximately six hours to exploit a vulnerability in the wild.

This is dwarfed by the average time the report claims an IT security team will need to investigate, clean, fix, and document a successful phishing attack: 427 hours.

Based on an hourly rate of $72 per hour, this would mean a successful phishing attack costs firms an average of $30,744 per staff member, with a security team of five people this would total $153,720 per successful attack. 

Using insights from the ethical hackers taking part in the survey, the report estimated a technically proficient hacker could launch up to 21 attacks a day with a 43% success rate, working out to nine successful attacks a day.


Dark background and white text that says AI code, security, and trust

(Image credit: Synk)

Learn about the security issues that come from AI-generated code


Almost half of the respondents (48%) familiar with generative AI technologies said its use among threat actors will further reduce the time it takes to exploit vulnerabilities. 

Consequently, 50% of respondents said they expect the use of generative AI will increase the number of attacks a skilled hacker can launch per day.

Contrastingly, only 39% of IT security leaders reported they believe their security infrastructure is adequately equipped to protect against GenAI-powered attacks. 

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.