DDoS attacks hitting firms to tune of $3.5m annually

End users unarmed against DDoS despite 65 per cent experiencing at least one attack last year, research finds

Distributed denial of service (DDoS) attacks are costing companies an average of $3.5m (£2.2m) a year, US-based research has found.

Research from vendor Radware and analyst Ponemon Institute found that IT managers are largely unarmed against the threat, despite the fact that 65 per cent suffered at least one DDoS attack last year, with 10 per cent suffering more than 10.

According to analyst Infonetics Research, the global DDoS prevention market is set to swell by 24 per cent this year, with annual spending on course to reach $420m by 2016.

In the Ponemon study, almost two-thirds (63 per cent) of respondents, who were all US senior IT professionals, rated their organisation's offensive countermeasure capabilities as below average.

Of the 705 executives quizzed, just 35 per cent said they had not experienced a DDoS attack in the last 12 months. Some 21 per cent had suffered one attack, 18 per cent between two and five, 11 per cent between six and 10, and 10 per cent more than 10.

The average amount of downtime suffered as a result of each DDoS attack was 53 and a half minutes, although the figure ranged from less than one minute (10 per cent of respondents) to over three hours (nine per cent).

Respondents were also asked to judge how much each minute of downtime cost their organisation in terms of lost traffic, productivity and lost revenues. The average was $21,699, meaning the total cost of each attack is well over $1m.

Multiplying the three figures together means DDoS attacks are costing the US firms polled an average of $3.5m a year.

Respondents also noted a major shift in their security objectives. Gone are the days when firms focused just on data leakage and integrity-based attacks, the research found, with those polled ranking DoS and DDoS as two of the top three threats they face.

Larry Ponemon, founder of Ponemon Institute, said: "There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry.

"The report's findings make clear that now is the time for organisations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defences."