Digitalization of business increases the costs of information security

The reasons for the increase in the cost of ensuring information security, in connection with the increase in the level of development of the digital economy have been revealed. One of the main reasons is the ever-increasing amount of information that needs to be stored and analysed. According to IDC forecasts, by 2025 the volume of data worldwide will increase by 10 times compared to 2017. The average costs of restoring companies ‘ activities related to cybercrimes have been given. The costs of information security are formed under the influence of many factors, the most important of which are cyber threats. The content of cyber threats on the example of industrial enterprises has been considered.

The number of cyber threats is constantly growing in the world, their complexity and diversity increase depending on the object of the attack, goals and objectives. The most common types of cyber attacks in the world has been considered in the article, the mechanism of their implementation, their source and the scale of damage they cause, have been described.

In connection with the transition to a digital economy, the number of cyber threats is constantly growing. In 2018, 4.3 billion computer impacts on critical infrastructure were identified in Russia (2.4 billion in 2017). Of these, more than 17 thousand are the most dangerous computer attacks. Bot networks of 30 thousand computers in 86 countries were used for these purposes. The average costs of medium-sized companies to eliminate the consequences of only one cyber incident in Russia are about 1.6 million rubles, and for large businesses - 16.1 million rubles.

The recommendations to companies to consider the cost of information security as a strategic investment, ensuring the continuity of their business processes, which create advantages in an era of rapidly developing cyber threats, have been substantiated in the article. For the purposes of selecting and analysing the sources of costs of companies to provide information security, it has been proposed to classify them into 9 categories. The results of the analysis will allow companies to determine the main directions of priority financing of measures to reduce the level of losses from information security incidents and to form reasonably information security budgets.

1. Ukaz Prezidenta RF ot 05.12.2016 № 646 “Ob utverzhdenii Doktriny informatsionnoi bezopasnosti Rossiiskoi Feder-atsii” [Decree of the President of the Russian Federation “On Approval of the Information Security Doctrine of the Russian Federation” No. 646 dated on December 5, 2016], legal reference system "Consultant plus”. Available at: http://www.consultant.EN/document/cons_doc_LAW_208191/4dbff9722e14f63a309bce4c2ad3d12cc2e85f10/ (accessed 12.02.2020).

2. Egorov I. Ataki v seti i na yavu [Attacks in the network and in reality], Rossiiskaya Gazeta, 2018, 11 dek, no. 279 (7742). Available at: https://rg.ru/2018/12/11/direktor-fsb-aleksan-dr-bortnikov-rasskazal-o-predotvrashchennyh-teraktah. html (accessed 12.02.2020).

3. “Laboratoriya Kasperskogo” vyyasnila: utechka dannykh stoila rossiiskomu krupnomu biznesu 246 tysyach dollarov [Kaspersky Lab found out: the data leak cost Russian big business 246 thousand dollars], Laboratoriya Kasperskogo [Kaspersky Lab]. Available at: https://www.kaspersky.ru/about/press-releases/2018_data-leaks (accessed 12.02.2020).

4. Mamaeva L. N. Kharakternye problemy informatsionnoi bezopasnosti v sovremennoi ekonomike [ Typical problems of information security in modern economy], Informatsionnaya bezopasnost' regionov, 2016, no. 1, pp. 21—24.

5. Makhalin V. N. Ugrozy national'noi bezopasnosti Rossii [Threats to economic security of Russia], Aktual’nye voprosy prava, ekonomiki i upravleniya: sbornik statei nauchno-prak-ticheskoi konferentsii [Topical issues of law, economics and management: collection of articles of the scientific and practical conference], Penza, Nauka i prosveshchenie, 2017, 302 p.

6. Makhalin V. N., Makhalina O. M. Upravlenie vyzovami i ugrozami v tsifrovoi ekonomike Rossii [Managing challenges and threats in the digital economy of Russia], Upravle-nie, 2018, no. 2, pp. 57—60.

7. Ostroglazov А., Lipov D. Kak povysit' effektivnost' zatrat finansovykh organizatsii na kiberbezopasnost> [How to improve the cost-effectiveness of financial institutions for cybersecurity], Bankir.ru. Available at: https://bankir.ru/pub-likacii/20181105/kak-povysit-effektivnost-zatrat-fi-nansovykh-organizatsii-na-kiberbezopasnost-10009623/ (accessed 12.02.2020).

8. Udalov D. V. [et al.]. Gosudarstvennaya politika v sfere obe-specheniya national'noi bezopasnosti: ekonomiko-pravovoi aspekt [State policy in the sphere of national security: economic and legal aspect], pod obshch. red. S. Yu. Naumova, B. V. Chernyshcheva, Saratov, Saratovskii sotsial'no-eko-nomicheskii institute (filial REU im. G. V. Plekhanova), 2016, 284 p.

9. Udalov D. V. Ugrozy i vyzovy tsifrovoi ekonomiki [Threats and challenges of digital economy], Ekonomicheskaya bezo-pasnost' i kachestvo, 2018, no. 1, pp. 12—18.

10. Informatsionnaya bezopasnost> (mirovoi rynok) [Information security (world market)], TAdviser. Available at: http://www.tadviser.ru/a/275984 (accessed 12.02.2020).

11. Ivanov О. Informatsionnaya bezopasnost> v tsifrakh [Information security in numbers], Anti-Malware. ru. Available at: https://www.anti-malware.ru/analytics/Threats_Analy-sis/2018-cybersecurity-statistics (accessed 12.02.2020).