Security Staff Shortages Incur Higher Breach Recovery Costs

New study measures the financial impact of a breach on a company short on IT security staff.

The shortage of skilled IT security professionals is not a new topic. Multiple reports have shed light on the talent shortage and the type of security
risks
associated with an IT department that is
short on security skills
. But a report released this week by Kaspersky Lab and partner B2B International shows the potential financial impact of being short-staffed in the security department.
The study, which surveyed nearly 5,000 representatives from companies of different sizes and industries, compared the breach recovery costs for large companies that had enough IT security staff with large companies that were light on security support. The average cost of recovery for companies with inadequate security support was between $1.2 to $1.47 million, and from $100,000 to $500,000 for companies with a strong and sufficiently staffed IT security team.
When an organization has internal IT security staff on the payroll, they become more familiar with the cyclical process of a breach and recovery and are able to learn from each incident and apply that knowledge to the organization’s security posture, says Michael Canavan, vice president of North America for Kaspersky Lab.
“This is a large reason why you see the smaller dollar amount with those incidents [at organizations with in-house security staff],” he says. They’re less traumatic because more information is known, he adds.
The survey also showed that additional staff wages make up a significant portion of the recovery costs -- $14K on average for SMBs and $126K for enterprises -- which was higher than the loss of business opportunities, credit rating, and compensation to clients and partners combined.
Candace Worley, vice president and general manager for enterprise endpoint security at Intel, points out that while nearly $1.5 million for a breach is high, the average cost of a breach is now
over $4 million dollars
per incident, according to the Ponemon Groups Cost of Data Breach 2016 report.
“If a company was unfortunate enough to experience two breaches in a year, she says, then “investing in a security staff is the better way to go.”
She also notes that in addition to labor costs, organizations have to account for the brand impact and opportunity cost of a breach in addition to the hard costs. “There’s the domino or cascade of costs,” Worley says.
Tejas Vashi, senior director of Cisco Services, says that while the industry acknowledges that many organizations need more security staff, it takes a long time to bring them on.
“Enterprises need to be proactively seeking out the talent and continuously reskilling their existing workforce,” says Vashi, adding that a proactive mindset is very important in the security space right now, for both hiring and threat mitigation. He likens the IT security landscape to a quote from Henry Ford: The only thing worse than training your employees and having them leave is not training them and having them stay.
Find the full report
here
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Security Staff Shortages Incur Higher Breach Recovery Costs