Cybersecurity is an expensive business. To prepare to address sophisticated threat actors, an enterprise needs to maintain a complete security operations center (SOC) filled with state-of-the-art technologies and experienced professionals who know how to identify and mitigate threats.

All of these factors add up. According to a new report released by threat prevention provider Perception Point and Osterman Research, organizations pay $1,197 per employee yearly to address cyber incidents across email services, cloud collaboration apps or services, and web browsers.

This means the average 500-employee company spends $600,000 annually on addressing cybersecurity incidents, without factoring in additional costs like business losses, compliance fines, or mitigation costs.

With a recession looming in 2023, organizations are under increasing pressure to cut costs and optimize their current security approaches.

The cost of cybersecurity 

The announcement comes as more and more organizations are struggling to keep up with the complex threat landscape, with the number of data breaches increasing by 70% during Q3 of 202.

Perception Point’s report notes that one of the key challenges for defenders, is that threat actors have changed their attack toolkits beyond email and the web browser, with attacks on cloud-based apps and services, such as collaboration apps and storage, occurring at 60% of the frequency with which they occur on email-based services.

Given that Gartner estimates that nearly 80% of workers are using collaboration tools for work, enterprises not only need to be able to prevent cyberattacks across on-premise and cloud environments that are cost-efficient, but they also need a robust incident response process to resolve security incidents in the shortest time possible.

“In terms of the potential risk and damages — prevention of attacks has a greater financial impact on the organization,” said Michael Calev, Perception Point’s VP of corporate development and strategy.

“One successful breach for an organization can cause damage amounting to millions of dollars — for bigger companies this could mean a significant loss in revenue, production capabilities, and a hit to their reputation, while for smaller companies it could spell disaster and even the end of their ability to operate,” Calev said.

While processing spam and phishing emails is time-consuming, prevention saves SOC teams money so they don’t have to remediate and manage events post-breach.

Making cybersecurity affordable 

Managing cybersecurity spending is difficult because even manual tasks can consume a substantial amount of time and money.

For instance, it takes a security staff an average of 86 hours to address a single email-based cyber incident. This means a single security professional can only handle 23 email incidents per year, a direct cost of $6,452 per incident in time alone.

In response to these high costs, the report recommends that enterprises consolidate their security stack for more efficient threat protection capabilities, while leveraging managed services to support security teams with scalable incident response capabilities.

[Calev] highlights that managed services in particular give overburdened security teams 24/7 coverage as they can ensure systems remain protected without working round the clock.

This article was first published in VentureBeat on November 22, 2022, written by Tim Keary.