It is common knowledge at this point that cyber attacks are increasing in frequency, scope and cost to businesses around the world. But false positive cyber security alerts are also taking their toll in terms of monetary cost and wasted time, a new report has concluded.

Consider: organizations with protective software get an average of nearly 17,000 malware alerts. But only 19 percent are viable enough to act upon, according to a new report from the Ponemon Institute commissioned by Damballa, a computer security company. The results stem from a survey of more than 600 US IT and IT security “practitioners,” it said.

When the false positive cyber security alerts are tallied, the cost for businesses amounts to $1.3 million annually, or 21,000 hours in wasted time, the report concluded.

Other findings from the report:

  • Survey respondents said they believe their malware prevention tools miss 40 percent of malware infections in an average week (a problem that gets worse the longer malware remains undetected).
  • About 41 percent of respondents said their organization relies on automated tools to capture intelligence and evaluate the true malware threat.
  • A majority – 60 percent of respondents – said the severity of malware infections has increased (44 percent) or significantly increased (16 percent) over the past year.

Source: Damballa