Kaspersky finds timely software updates can cut business data breach costs in half

According to a recent Kaspersky report, enterprises with outdated technology can lose 47% more money when they suffer a data breach compared to those who update their IT technologies in a timely manner. For small and medium-sized businesses, the difference is even more obvious at up to 54%. The use of obsolete and unpatched software is quite common and important for businesses to address, since almost half of organizations in North America (44%) use at least some form of out-of-date technology in their infrastructure.

While vulnerabilities are inevitable in any software, regular patching and updates can minimize the risk of exploitation. As a result, users are always advised to install the latest software versions as soon as they are available, even if these updates are difficult or a time-consuming task for organizations. With many businesses globally having at least some form of outdated technology (47%), Kaspersky’s survey shows that organizations should prioritize renewing software and be prepared to invest because doing so could save money in the long-term.

In North America, if a data breach happens, enterprises with any form of outdated technology, including unpatched operating systems, old software and unsupported mobile devices, can suffer $1.277M in financial damage compared to $1.138M for companies with completely updated technologies. As for small and medium-sized businesses, the total cost is $160K for those who have outdated software compared to $102K for businesses with all required updates installed.

Chart 1: Average cost of a data breach depending on whether the company has outdated technology

Among the reasons given for not updating technologies, the most common globally reported is an incompatibility of updates with in-house applications (48%). This reason can be critical for organizations developing software internally to meet their own needs or when using very specific applications with limited support. In North America, some of these reasons are simpler: 49% of employees often refuse to work with new versions of the software they use (48%). In addition, in some cases, technologies are not updated because they belong to members of the C-suite (35%).

“Any additional costs for business are of course critical, especially now. The global economic situation is unstable because of the pandemic and investments in IT and IT security are predicted to decrease,” said Sergey Martsynkyan, head of B2B Product Marketing at Kaspersky. “That is why in this year’s ‘IT Security Economics’ report we wanted to explore how businesses can reduce the burden in case of a cybersecurity incident. It offers strong reasoning why the issue of obsolete software is so important. Even if it is impossible to get rid of it overnight, there are still some measures to mitigate the risk. Companies can not only save money, but also avoid other potential consequences, which is crucial for any business.”

Kaspersky’s report, ‘How businesses can minimize the cost of a data breach’, is the second part of the IT Security Economics 2020 series and is available here. To read the first part, ‘Investment adjustment: aligning IT budgets with changing security priorities’, please download from the Kaspersky IT Security Calculator web page.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.