IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Emergency patches cost companies almost $100,000 every month

Applying last-minute security fixes is hitting companies hard, says report

Issuing emergency patches for newly-discovered security threats is costing businesses almost $100,000 per month and taking up more than 60 man-hours, new research has revealed.

According to an independent survey of 500 CISOs from companies in the UK, US and Germany with more than 1,000 employees, crisis patch management the practise of scrambling to apply fixes for vulnerabilities such as the SMB flaw behind last month's WannaCry ransomware attack is causing businesses a major headache.

The survey, which was commissioned by security firm Bromium, found that on average, businesses were having to issue a whopping five emergency patches every month. That equates to more than one a week and with each patch taking an average of more than 12 man-hours to apply, it's easy to see why more than half of CISOs say that issuing them is a 'major disruption' for their teams.

More importantly, these last-minute patch jobs are putting a huge hole in companies' bottom line. Over 50% of businesses have had to either pay overtime to IT staff or bring a third-party response unit to deal with emergency patches and security issues. According to the study, this costs companies almost $20,000 per patch.

"We can see with the recent WannaCry outbreak where an emergency patch was issued to stop the spread of the worm that enterprises are still having to paper over the cracks in order to secure their systems," said Simon Crosby, Bromium's co-founder and CTO.

"The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences. WannaCry certainly isn't an isolated case and as ransomware and polymorphic malware become increasingly sophisticated and difficult to defend against, we are going to see many more emergency patches become a crisis although, sadly, they will often be too late."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021
TikTok phishing campaign tried to scam over 125 influencer accounts
social media

TikTok phishing campaign tried to scam over 125 influencer accounts

18 Nov 2021

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022