Not only is the incidence of cybercrime on the increase, but the cost of dealing with it is growing in leaps and bounds. This is according to new HP research, which indicates that cyberattacks on businesses and government organisations have a significant financial impact.
Conducted by the Ponemon Institute, the Second Annual Cost of Cyber Crime Study revealed that the median annualised cost of cybercrime incurred by a benchmark sample of organisations was $5,9-million per year, with a range of $1,5-million to $36,5-million each year per organisation.
This represents an increase of 56% from the median cost reported in the inaugural study published in July 2010.
The study found that recovery and detection are the most costly internal activities, highlighting a significant cost-reduction opportunity for organisations that are able to automate detection and recovery through enabling security technologies.
“Instances of cybercrime have continued to increase in both frequency and sophistication, with the potential impact to an organisation’s financial health becoming more substantial,” says Praveen Govender, HP Software country manager, South Africa. “Organisations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cybercrime.”
Cyberattacks have become common occurrences. Over a four-week period, the organisations surveyed experienced 72 successful attacks per week, an increase of nearly 45% from last year. More than 90% of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.
Key findings from the study include:
* Cyberattacks can be costly if not resolved quickly. The average time to resolve a cyberattack is 18 days, with an average cost to participating organisations of nearly $416 000. This represents a nearly 70% increase from the estimated cost of $250 000 over a 14-day resolution period in last year’s study. Results also showed that malicious insider attacks can take more than 45 days to contain.
* Deploying advanced security intelligence and risk management solutions can mitigate the impact of cyberattacks. Organisations that had deployed security information and event management (SIEM) solutions realised cost savings of nearly 25%, resulting from the enhanced ability to quickly detect and contain cybercrimes. As a result, these organisations experienced a substantially lower cost of recovery, detection and containment than organisations that had not deployed SIEM solutions.
“As the sophistication and frequency of cyberattacks increase, so too will the economic consequences,” says Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “Figuring out how much to invest in security starts with understanding the real cost of cybercrime.”