« Business Continuity

‘False positive’ cyber security alerts contribute to over $1 million in losses

"False positive" alerts result in more time wasted chasing down erroneous threats than resolving real ones for many companies.
"False positive" alerts result in more time wasted chasing down erroneous threats than resolving real ones for many companies.

When it comes to cyber security, enterprises simply cannot afford to lag behind the latest trends and threat awareness reports. However, companies that are overzealous in their cyber security efforts face a threat of a different kind — substantial loss risk.

According to a recent study by the Ponemon Institute, one major threat in cyber security is actually "false positive" alerts. A "false positive" occurs when an organization receives a security alert on something that isn't actually a threat. The institute noted that these instances can result in up to $1.3 million in losses for businesses that investigate them.

While enterprises spend about 199 hours a week investigating possible infections and 230 hours a week cleaning up those infections, it is estimated that the average firm spends 395 hours a week chasing erroneous alerts. As such, many firms become a bit jaded and start picking and choosing the alerts they investigate. As a result, of the approximate 16,937 malware alerts that companies receive per week, only 4 percent are investigated and 40 percent go undetected.

From a business continuity standpoint this is a major sticking point. If 40 percent of natural disasters went "unnoticed," few businesses would last or recover. Malware can be just as crippling as a hurricane or data center crisis under the right circumstances, making it essential for companies to optimize their cyber security efforts and minimize the risk of "false positive" alerts.

Hiring business continuity consultants can help firms maximize their disaster recovery and resiliency strategies while minimizing the damage any crisis can cause, be it a natural, manmade or cyber disaster.