Emergency patches cost companies almost $100,000 every month

Applying last-minute security fixes is hitting companies hard, says report

Issuing emergency patches for newly-discovered security threats is costing businesses almost $100,000 per month and taking up more than 60 man-hours, new research has revealed.

According to an independent survey of 500 CISOs from companies in the UK, US and Germany with more than 1,000 employees, crisis patch management the practise of scrambling to apply fixes for vulnerabilities such as the SMB flaw behind last month's WannaCry ransomware attack is causing businesses a major headache.

The survey, which was commissioned by security firm Bromium, found that on average, businesses were having to issue a whopping five emergency patches every month. That equates to more than one a week and with each patch taking an average of more than 12 man-hours to apply, it's easy to see why more than half of CISOs say that issuing them is a 'major disruption' for their teams.

More importantly, these last-minute patch jobs are putting a huge hole in companies' bottom line. Over 50% of businesses have had to either pay overtime to IT staff or bring a third-party response unit to deal with emergency patches and security issues. According to the study, this costs companies almost $20,000 per patch.

Advertisement
Advertisement - Article continues below

"We can see with the recent WannaCry outbreak where an emergency patch was issued to stop the spread of the worm that enterprises are still having to paper over the cracks in order to secure their systems," said Simon Crosby, Bromium's co-founder and CTO.

"The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences. WannaCry certainly isn't an isolated case and as ransomware and polymorphic malware become increasingly sophisticated and difficult to defend against, we are going to see many more emergency patches become a crisis although, sadly, they will often be too late."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/software/34583/avast-business-patch-management-review-don-t-give-up-the-day-job-just-yet
Software

Avast Business Patch Management review

8 Oct 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019