Organizations are paying $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers.

This means that a 500-employee company spends on average $600,000 an year, according to a new survey for Perception Point, carried out by Osterman Research.

A successful email-based cyber incident takes security staff an average of 86 hours to address. As a result, one security professional, with no support, can only handle 23 email incidents per year, representing a direct cost of $6,452 per incident in time alone.

Attacks on cloud collaboration apps or services are only slightly less costly to deal with. They take on average 71 hours to resolve, meaning that one professional can handle 28 incidents per year at an average cost of $5,305 per incident. This is also a threat vector that isn’t going to go away, 80 percent of respondents believe that new channels, including cloud collaboration apps and web browsers, will be important or extremely important for employee productivity by 2024.

Threat actors though have switched their attacks to the new apps and services that enterprises have adopted. Malicious incidents against these new cloud-based apps and services already occur at 60 percent of the frequency with which they occur on email-based services, with some attacks, like those involving malware installed on an endpoint, occurring on cloud collaboration apps at 87 percent of the frequency with which they occur on email-based services.

“The Perception Point-Osterman report supports cybersecurity leaders’ assessments of the expanding threat landscape trends and how they impact companies’ bottom lines,” says Yoram Salinger, CEO of Perception Point. “These findings demonstrate the urgent need for organizations to find the most accurate and efficient cybersecurity solutions which provide the necessary protection with streamlined processes and managed services, in particular with enterprises increasingly prioritizing value for money in today’s challenging economic environment. Moreover, the rapid growth of non-email-based threats crucially underscores the need for security teams to keep up with emerging trends, especially as the modern work environment is in flux and the number of cloud-based collaboration tools that organizations rely on is only likely to expand.”

The report also finds all organizations plan to deploy at least one new security tool to combat threats over the coming year, with 69 percent planning to deploy three or more. Half of all organizations already use six or more different communication and collaboration tools, with 19 percent using nine. Using such a wide range of tools increases the number of vectors which attackers can target.

More than 70 percent of respondents also believe that the frequency of security threats will remain the same or increase over the next two years. All types of attack are getting more sophisticated too. This is especially true for attacks against cloud collaboration apps and services. 72 percent of respondents say that attacks against cloud storage services have grown more sophisticated over the past year.

“With cloud collaboration apps and services now complementing email as a cornerstone of any enterprise’s workflow, modern cybersecurity solutions must adapt to encompass the totality of channels and threat types,” says Michael Sampson, senior analyst at Osterman Research. “Organizations cannot afford — financially or reputationally — to rely on outdated approaches. Our survey demonstrates the clear need for agile and holistic threat prevention solutions, and organizations which embrace these conclusions stand to set themselves apart from their competitors amidst today’s fast-evolving circumstances.”

The full report is available on the Perception Point site.

This article first appeared in Betanews in November, 2022, written by Ian Barker.