SOURCE: Infonetics Research

February 27, 2007 10:08 ET

Network downtime from security attacks costs large organizations over $30M/year: Infonetics Research

CAMPBELL, CA -- (MARKET WIRE) -- February 27, 2007 -- In a new study on network downtime caused by security attacks, analyst firm Infonetics Research found that large organizations are losing an average of 2.2% of their annual revenue, or more than $30 million, to security attacks.

The study, "The Costs of Network Security Attacks: North America 2007," shows that small and medium organizations lose about half a percent of their annual revenue to security attacks, which can run into the hundreds of thousands of dollars.

"We suspect that if small and medium organizations had the right tools, staff, and processes in place to more accurately track their downtime, the percent of total revenue it represented would be significantly higher than our study indicates -- though still not as high as among large organizations," said Jeff Wilson, principal analyst at Infonetics Research. "There are targeted security solutions available for organizations of every size, and I think once they see just how much money they're losing due to security attack downtime they'll be more interested in making special investments to put a stop to it."

Sample Data

--  More than half of downtime cost is due to service degradation (vs.
    outright outages) for small, medium, and large organizations, and much of
    this is "hidden downtime" since degradations often go unreported
--  Medium organizations are most vexed by client malware, large
    organizations are plagued more by DOS attacks and server malware, and small
    organizations are impacted fairly evenly by all 3 sources of attacks
--  Small and medium organizations have major problems with spyware; in
    fact, at medium organizations a staggering 40% of all security downtime
    cost comes from spyware alone
Infonetics conducted the study to understand the causes and calculate the cost of security attack downtime, drilling down into productivity vs. revenue losses, outages vs. degradations, attack types (DOS attacks, client malware, and server malware), and the specific attacks that are most troublesome.

They interviewed high-level IT professionals at 240 small (20 to 100 employees), medium (101 to 1,000 employees), and large companies (over 1,000) in North America for the study. Respondents reported numbers and durations of outages and service degradations due to security attacks, annual company revenue, and other basic metrics, and Infonetics then calculated revenue and productivity losses using its own cost analyzer tool, which is included in the study.

Many organizations have a hard time closely tracking downtime caused by service degradation because they don't have the proper network management tools to observe and quantify service degradations, the study concludes. The data and cost analyzer in Infonetics' study can help security manufacturers show customers what kind of investments they should make to combat different types of attacks, thereby improving productivity and increasing revenue.

Download sample data at For sales, contact Larry Howard, vice president, at or +1 (408) 583-3335.

Infonetics Research ( is the premier international market research and consulting firm specializing in data networking and telecom. Services include quarterly market share and forecasting, end-user survey research, service provider survey research, and service provider capex analysis.

Contact Information

  • Press Contact:
    Jeff Wilson
    Principal Analyst, Network Security
    Infonetics Research
    Email Contact