Emergency patches cost companies almost $100,000 every month

Applying last-minute security fixes is hitting companies hard, says report

Issuing emergency patches for newly-discovered security threats is costing businesses almost $100,000 per month and taking up more than 60 man-hours, new research has revealed.

According to an independent survey of 500 CISOs from companies in the UK, US and Germany with more than 1,000 employees, crisis patch management the practise of scrambling to apply fixes for vulnerabilities such as the SMB flaw behind last month's WannaCry ransomware attack is causing businesses a major headache.

The survey, which was commissioned by security firm Bromium, found that on average, businesses were having to issue a whopping five emergency patches every month. That equates to more than one a week and with each patch taking an average of more than 12 man-hours to apply, it's easy to see why more than half of CISOs say that issuing them is a 'major disruption' for their teams.

More importantly, these last-minute patch jobs are putting a huge hole in companies' bottom line. Over 50% of businesses have had to either pay overtime to IT staff or bring a third-party response unit to deal with emergency patches and security issues. According to the study, this costs companies almost $20,000 per patch.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We can see with the recent WannaCry outbreak where an emergency patch was issued to stop the spread of the worm that enterprises are still having to paper over the cracks in order to secure their systems," said Simon Crosby, Bromium's co-founder and CTO.

"The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences. WannaCry certainly isn't an isolated case and as ransomware and polymorphic malware become increasingly sophisticated and difficult to defend against, we are going to see many more emergency patches become a crisis although, sadly, they will often be too late."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/software/34583/avast-business-patch-management-review-don-t-give-up-the-day-job-just-yet
Software

Avast Business Patch Management review

8 Oct 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/security/data-breaches/354611/misconfigured-security-command-exposes-250-million-microsoft-customer
data breaches

Misconfigured security command exposes 250 million Microsoft customer records

23 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/mobile/5g/354634/boris-johnson-accused-of-doing-a-bit-of-a-runner-from-huawei-5g-questions
5G

Boris Johnson accused of doing "a bit of a runner" from Huawei 5G questions

27 Jan 2020