Emergency patches cost companies almost $100,000 every month

Applying last-minute security fixes is hitting companies hard, says report

Issuing emergency patches for newly-discovered security threats is costing businesses almost $100,000 per month and taking up more than 60 man-hours, new research has revealed.

According to an independent survey of 500 CISOs from companies in the UK, US and Germany with more than 1,000 employees, crisis patch management the practise of scrambling to apply fixes for vulnerabilities such as the SMB flaw behind last month's WannaCry ransomware attack is causing businesses a major headache.

Advertisement - Article continues below

The survey, which was commissioned by security firm Bromium, found that on average, businesses were having to issue a whopping five emergency patches every month. That equates to more than one a week and with each patch taking an average of more than 12 man-hours to apply, it's easy to see why more than half of CISOs say that issuing them is a 'major disruption' for their teams.

More importantly, these last-minute patch jobs are putting a huge hole in companies' bottom line. Over 50% of businesses have had to either pay overtime to IT staff or bring a third-party response unit to deal with emergency patches and security issues. According to the study, this costs companies almost $20,000 per patch.

"We can see with the recent WannaCry outbreak where an emergency patch was issued to stop the spread of the worm that enterprises are still having to paper over the cracks in order to secure their systems," said Simon Crosby, Bromium's co-founder and CTO.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences. WannaCry certainly isn't an isolated case and as ransomware and polymorphic malware become increasingly sophisticated and difficult to defend against, we are going to see many more emergency patches become a crisis although, sadly, they will often be too late."

Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020