Simple Steps to Calculate DDoS Attack Costs - 1st Part

Distributed Denial of Service (DDoS) attacks have increased by 542% during the COVID-19 pandemic. Attacks are cheap and can be obtained for as little as $10 per hour on the Dark Web, yet the impact on organizations can be devastating, with the average cost of downtime for an enterprise reaching up to $2 million.

How Do You Calculate the Cost of a DDoS Attack?

DDoS attacks have direct and indirect costs. Direct costs include those associated with downtime and latency, the loss of immediate revenue, and the personnel costs of mitigating attacks. Indirect costs include customer churn, regulatory repercussions, and compromised data.

This first part of the 2-part blog series focuses on direct costs and the second part on indirect costs along with the only possible method to continuously prevent DDoS attacks.

Direct/Immediate Costs

Loss of Revenue from Site Inaccessibility

This is the first risk that usually comes to mind when thinking of a "DDoS attack", and rightfully so. Neustar's most recent study indicates that nearly half of enterprises (49%) estimated their hourly revenue risk at US$250,000 or higher. Considering that mitigating DDoS attacks takes 45% of enterprises between 3 hours and more than 24 hours, that amounts to significant financial losses.

Session Disruption

Beyond eCommerce, DDoS attacks create session interruptions, where the customer is right in the middle of a transaction or game and the system suddenly goes down. What kind of customer experience are you promoting? It is well known that dropouts during the buying cycle and shopping cart abandonment are common experiences for eCommerce businesses.

When the dropouts occur because a DDoS attack caused the site to crash, the customer may not come back to the site. Given the severe competition for customers who buy online, winning them and then losing them to a DDoS attack is unimaginable.

For example, 20 DDoS attacks in 30 days can degrade customer web traffic by 35%. Relatively speaking, a 35% degradation in traffic equates to a 60% drop in online purchases and a 40% increase in abandoned shopping carts.

Productivity Losses

What if your site serves as the gateway for remote employees? The longer it takes to get the site back up, the less work gets done by all employees in the organization. The average cost of network downtime is around $300,000 per hour. For any business, $300,000/hour is a huge loss. On top of the time required to get the network up and running, it takes an average of 23 minutes to refocus on one's prior task. According to a Carnegie Mellon University study, cognitive function can decrease by 20 percent after an interruption.

IT Staff Time and its Impact on Security

While your 15 employees are fighting the DDoS attack, who is doing their regular jobs? Who is watching all the other systems not connected to the DDoS attack? In the world of digital transformation, IT staff are key contributors to business revenue. Their responsibilities stretch beyond setting up hardware and networks to ensuring seamless communication channels. Tying them up in managing an attack can disrupt the smooth functioning of the IT organization and thereby impact revenue numbers.

In the second part of this blog series, we will discuss the indirect and long-term damages from DDoS attacks and the solutions we propose.

About MazeBolt

MazeBolt is an innovation leader in cybersecurity and part of the DDoS mitigation space. It offers full DDoS risk detection and elimination and works with any mitigation system to provide end-to-end full coverage, supporting organizations in avoiding downtime and closing DDoS vulnerabilities before an attack happens.