A latest survey “The Economic Value of Prevention in the Cybersecurity Lifecycle” from the Ponemon Institute revealed that the economic value of cyberattack prevention ranges from US$396,675 to US$1,366,365. The survey, sponsored by cybersecurity company Deep Instinct, took into account the entire cybersecurity lifecycle, which includes detection, containment, remediation, and recovery.
The study found that the majority of cybersecurity professionals (70%) felt the ability to prevent attacks to improve their cybersecurity posture and reduce the cost of an attack, however only a small budget (21%) is allocated to cyberattacks prevention. It also highlighted that 79% of budget allocation is delegated for detection, containment, recovery, and remediation activities.
Nearly 50% of respondents admitted that their organizations are wasting budgets that don’t improve their cybersecurity posture, while 40% of them stated that their budgets are sufficient. According to 80% of respondents, the prevention of cyberattacks is perceived as the most difficult task to achieve in the cybersecurity lifecycle, for the reasons cited–that it takes too long to identify, insufficient technology, and lack of in-house expertise. 55% of respondents feel their organizations can contain cyberattacks after they happen.
The study revealed that efficient adoption of preventative security solutions, compared to the current spending of security departments and the cost of attacks, will result in significant cost reductions.
| Attack Type |
Average Total Cost of Attack |
Percent of Total Cost Spent |
Average Cost Savings |
| Phishing | US$832,500 | 18% | US$682,650 |
| Zero-day | US$1,238,000 | 12% | US$1,089,440 |
| Spyware | US$691,500 | 26% | US$511,710 |
| Nation-state | US$1,501,500 | 9% | US$1,366,365 |
| Ransomware | US$440,750 | 10% | US$396,675 |
The findings are based on the responses of 600 IT and security practitioners who are responsible for maintaining and implementing security technologies, conducting assessments, leading security teams and testing controls in their organizations.
“What this study shows is that most companies are still operating under a policy of ‘assume breach,’ believing that it is more pragmatic to contain a cyberattack after penetration. This is no longer an economically viable long-term strategy,” said Guy Caspi, CEO and Co-founder of Deep Instinct. “The value of prevention is clear–for any type of attack, prevention saves significant time and money. Deep learning-powered cyber solutions, which are uninhibited by the human limitations that define machine learning-driven solutions, are uniquely suited to provide preventative protection for enterprises and drive down the costs of attacks.”
