Security breach costs
Security breaches on virtual environments cost enterprises more than those on physical environments and lead to the added cost of hiring outside experts.
62% of businesses use virtualization in one form or another.
Businesses pay twice as much to recover from a security breach using a virtual infrastructure.
Large enterprises spend more than $800,000 on recovery with virtualization and nearly $406,000 without virtualization.
The average direct cost of recovery for SMBs is close to $60,000 per incident when virtualization is involved, and nearly $27,000 per incident without virtualization.
Security complexity, businesses needing to improve their understanding of risks specific to virtual environments and extensive use of virtual infrastructure for mission-critical operations are the three reasons listed for a cost increase.
40% of businesses use VMWare, followed by Microsoft (36%) and Citrix (9%). Only 9% of businesses use open-source virtualization platforms: Xen (6%) and KVM (3%).
Virtualization platforms that companies are likely to adopt in the next two years include XenServer (17%), Microsoft Hyper-V (16%), a KVM-based commercial platform like RHEV (15%), a KVM-based open-source platform like oVert (14%), VMware (e.g., vSphere) (13%) and Xen (12%).
42% of businesses think virtual environments are safer than physical ones, and only 53% are highly concerned about the security of virtualized environments.
56% of businesses said they are fully prepared to mitigate and deal with the security risks to their virtualized infrastructure.
73% of businesses do not make use of specialized IT security solutions for virtual environments, and 34% aren’t aware of the performance benefits of these solutions.
Of those using specialized IT security methods, 48% use agent-based solutions, followed by agentless (35%) and light-agent approaches (13%).
The biggest consequences of a security breach involving virtual infrastructure include temporary loss of access to business-critical information (66%), loss of credibility/damage to company reputation (48%), temporary loss of the ability to trade (47%) and loss of contracts/business opportunities (43%).
The biggest consequences of a security breach not involving physical infrastructure includes temporary loss of access to business-critical information (36%), loss of credibility/damage to company reputation (23%), temporary loss of the ability to trade (22%) and loss of contracts/business opportunities (21%).
The top recovery measures from a security breach that affects virtual infrastructure include IT security consultants (79%), risk management consultants (58%), lawyers/solicitors (56%), management consultants (51%) and auditors/accountants (49%).
The top recovery measures from a security breach that affects physical infrastructure include IT security consultants (64%), risk management consultants (33%), physical security consultants (27%), auditors/accountants (26%) and management consultants (23%).