The cost, frequency and time to resolve cyber-attacks have risen for the fourth consecutive year, according to Ponemon Institute research for HP Enterprise Security Products.
The 2013 Cost of Cyber Crime Study found that the average annualised cost of cybercrime incurred by a benchmark sample of US organisations was $11,56-million, representing a 78% increase since the initial study was conducted four years ago.
The results also reveal that the time it takes to resolve a cyber-attack has increased by nearly 130% during this same period, with the average cost incurred to resolve a single attack totalling more than $1-million.
The sophistication of cyber-attacks has grown exponentially in recent years, as adversaries both specialise and share intelligence in order to obtain sensitive data and disrupt critical enterprise functions.
According to the study, advanced security intelligence tools such as security information and event management (SIEM), network intelligence systems and big data analytics can significantly help to mitigate data threats and reduce the cost of cybercrime.
Key findings from the 2013 study include:
* The average annualised cost of cybercrime incurred per organisation was $11,56-million, with a range of $1,3-million to $58-million. This is an increase of 26%, or $2,6-million, over the average cost reported in 2012.
* Organisations experienced an average of 122 successful attacks per week, up from 102 attacks per week in 2012.
* The average time to resolve a cyber-attack was 32 days, with an average cost incurred during this period of $1,035-million, or $32 469 per day – a 55% increase over last year’s estimated average cost of $591 780 for a 24-day period.
“The threat landscape continues to evolve as cyber-attacks grow in sophistication, frequency and financial impact,” says Lorna Hardie, software country manager at HP South Africa.
“For the fourth consecutive year, we have seen the cost savings that intelligent security tools and governance practices can bring to organisations, and as HP, we are committed to continuing to deliver both industry-leading solutions and research to further disrupt the threat life cycle of the adversary.”
The most costly cybercrimes are caused by denial-of-service, malicious-insider and web-based attacks, together accounting for more than 55% of all cybercrime costs per organisation on an annual basis.
Information theft continues to represent the highest external costs, with business disruption a close second. On an annual basis, information loss accounts for 43% of total external costs, down 2% from 2012.
Business disruption or lost productivity accounts for 36% of external costs, an increase of 18% from 2012.
Recovery and detection are the most costly internal activities. For the past year, recovery and detection combined accounted for 49% of the total internal activity cost, with cash outlays and labour representing the majority of these costs.
Cybercrime cost varies by company size, but smaller organisations incur a significantly higher per-capita cost than larger organisations.
Organisations in financial services, defence, and energy and utilities experience substantially higher cybercrime costs than those in retail, hospitality and consumer products.
The study found that organisations using security intelligence technologies were more efficient in detecting and containing cyber-attacks, experiencing an average cost savings of nearly $4-million per year, and a 21% return on investment (ROI) over other technology categories.
Deployment of enterprise security governance practices, including investing in adequate resources, appointing a high-level security leader, and employing certified or expert staff, can reduce cybercrime costs and enable organisations to save an estimated average of $1,5-million per year.
“Information is a powerful weapon in an organisation’s cyber security arsenal,” says Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
“Based on real-world experiences and in-depth interviews with more than 1 000 security professionals around the globe, the Cost of Cyber Crime research provides valuable insights into the causes and costs of cyber-attacks. The research is designed to help organisations make the most cost-effective decisions possible in minimising the greatest risks to their companies.”