Security breach costs

Security breaches on virtual environments cost enterprises more than those on physical environments and lead to the added cost of hiring outside experts.

62% of businesses use virtualization in one form or another.

Businesses pay twice as much to recover from a security breach when virtual infrastructure is involved.

Large enterprises spend more than $800,000 on recovery with virtualization and nearly $406,000 without virtualization.

The average direct cost of recovery for SMBs is close to $60,000 per incident when virtualization is involved, and nearly $27,000 per incident without virtualization.

The three reasons listed for the cost increase are security complexity, businesses needing to improve their understanding of risks specific to virtual environments, and extensive use of virtual infrastructure for mission-critical operations.

40% of businesses use VMware, followed by Microsoft (36%) and Citrix (9%). Only 9% of businesses use open-source virtualization platforms: Xen (6%) and KVM (3%).

Virtualization platforms that companies are likely to adopt in the next two years include XenServer (17%), Microsoft Hyper-V (16%), a KVM-based commercial platform like RHEV (15%), a KVM-based open-source platform like oVirt (14%), VMware (e.g., vSphere) (13%) and Xen (12%).

42% of businesses think virtual environments are safer than physical ones, and only 53% are highly concerned about the security of virtualized environments.

56% of businesses said they are fully prepared to mitigate and deal with the security risks to their virtualized infrastructure.

73% of businesses do not make use of specialized IT security solutions for virtual environments, and 34% aren’t aware of the performance benefits of these solutions.

Of those using specialized IT security methods, 48% use agent-based solutions, followed by agentless (35%) and light-agent approaches (13%).

The biggest consequences of a security breach involving virtual infrastructure include temporary loss of access to business-critical information (66%), loss of credibility/damage to company reputation (48%), temporary loss of the ability to trade (47%) and loss of contracts/business opportunities (43%).

The biggest consequences of a security breach not involving physical infrastructure include temporary loss of access to business-critical information (36%), loss of credibility/damage to company reputation (23%), temporary loss of the ability to trade (22%) and loss of contracts/business opportunities (21%).

The top recovery measures from a security breach that affects virtual infrastructure include IT security consultants (79%), risk management consultants (58%), lawyers/solicitors (56%), management consultants (51%) and auditors/accountants (49%).

The top recovery measures from a security breach that affects physical infrastructure include IT security consultants (64%), risk management consultants (33%), physical security consultants (27%), auditors/accountants (26%) and management consultants (23%).