Security incidents are expensive, but not all security incidents are created equal. A recent study found that businesses pay a significant premium for incident response and recovery when the incident affects a virtual infrastructure.
Respondents representing more than 5,500 different companies across 25 different countries participated in the survey. The purpose of the survey was to learn more about the cost of security incidents and incident recovery and what impact virtual servers or a virtual infrastructure have on those costs.
The study found that 62 percent of businesses use virtualization in some form or another. VMware is the most widely used virtualization platform, followed closely by Microsoft, with Citrix coming in a distant third. However, only 52 percent of respondents feel they fully understand the risks specific to virtual environments, and nearly half of the companies represented in the study report that they are not fully prepared to deal with security risks in a virtual environment.
What makes the inherent security risks of virtualization more concerning is that, according to the report, businesses pay on average about twice as much to recover from a security breach when a virtual infrastructure is involved. The report seeks to explain why security incidents on virtual servers are apparently so much more expensive. According to analysis of the survey data, the primary difference seems to be that virtual environments are more likely to be used for mission-critical operations, meaning that a successful attack against a virtual environment has a greater impact on the organization.
For large companies of 1,500 or more employees, the average cost of a security incident involving a virtual infrastructure is nearly $1 million when taking into account indirect expenses such as staff training to mitigate future risks. Even for small and medium businesses, the average financial impact of an attack on a virtual infrastructure is about $60,000, which is more than double the $26,000 average for an attack on a physical environment.
Based on the survey responses, an attack against a virtual infrastructure is significantly more likely to result in a temporary loss of important data, an inability to conduct critical business operations, and damage to the business's reputation. The report found that 36 percent of security incidents reported against a physical environment result in a loss of access to critical business information, but that number skyrockets to 66 percent when virtual servers and desktops are involved.
When organizations embrace virtualization, it often involves migrating to cloud platforms as well, which results in increased incident response expenses for third-party expertise: IT consultants, lawyers, and risk management experts who assist in cleaning up the mess for a cloud-based virtual environment.
There are many benefits to embracing virtualization and adopting a virtual infrastructure—including cost. Those benefits can be completely wiped out, however, if you don’t understand and address the unique risks associated with virtualization. Make sure you take steps to secure and protect your virtual infrastructure or your next attack might cost you twice as much.