DDoS attacks cost US businesses $10bn per year

Nine in 10 businesses claimed to have experienced an attack, with an average downtime of 30 minutes.
21 March 2019

GitHub suffered a ‘record-breaking’ DDoS attack last year. Source: Shutterstock

Effectively wiping out your service to its intended users until fully dealt with, the threat of DDos (distributed denial of service) cyber attacks is enough to keep the palms of even the most seasoned CIO moistened.

In the interest of ‘knowing your enemy’, a provider of application and network performance management products Netscout, has explored the impact of DDoS attacks on businesses in the US.

According to the report, US$218,339 is lost on average per company victim to DDoS attacks, which amounts to in excess of US$10 billion lost in the US per year.  

A DDoS attacked comprises multiple compromised systems, often infected with a Trojan, used to target a single system causing a DoS (denial of service) attack.

The victims of these are both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attacks.

More than nine in 10 (92 percent) of enterprises in North America said they had experienced such an attack in 2018, suffering network downtime as a result.

On average, this downtime lasted for 30 minutes or more for half the companies the questioned, while an unlucky (or unprepared) 10 percent found their systems impacted for more than four hours.

According to Netscout’s CTO, Security, Darren Anstee, the frequency of DDoS attacks is owed to the tools used to initiate them being cheap, freely available and easily deployed.

Because of this, there are more than 10,000 DDoS attacks every day around the world: “The size and complexity of attacks continue to grow and businesses must make sure their key resources are adequately protected – including in the cloud, SaaS etc.,“ said Anstee.

While DDoS attacks target businesses of “all shapes and sizes”, said Anstee, the study focused specifically on the some of the largest employers in the US.

Here it found that around 85 percent of major North American enterprises questioned were attacked at least once in 2018, more than nine in 10 (92 percent) experienced downtime, averaging 62 minutes for the year, while downtime costs were estimated at US$3,533 per minute.

“If we assume those impacts apply equally to the 57,000 US companies with more than 250 employees, the total cost equates to approximately US$9.8 billion,” said Anstee.  

“However, we know that the wide availability of the required tools has ‘democratised’ DDoS.

“Much smaller companies are also under attack and so the true cost to the U.S. economy is likely to significantly exceed $10 billion per annum,” he said.

The impact of DDoS attacks is far from just financial, though; Netscout found other ramifications include revenue loss (36.9%), increased operational expenses (41.8%), reputational impact (35.8%), surging insurance premiums (35.9%) and loss of customers (31.7%).

“If something is important to you, it’s important to hackers,” added Anstee. “As businesses place growing reliance on digital services, it’s hardly a surprise that attacks against the cloud, SaaS and data centers are increasing at an alarming rate.”

With attackers continually evolving tactics to exploit new vulnerabilities in complex and critical IT structures, Anstee said companies must have visibility across their entire infrastructure, and all inbound & outbound traffic, so they can quickly tackle threats.