A new and comprehensive way managing risk is required in today’s instant-on enterprises.
This is according to the Second Annual Cost of Cyber Crime Study, an HP-sponsored Ponemon Institute survey, which found that cyber attacks have a significant financial impact on businesses and government organisations, despite widespread awareness.
The study also indicated:
* The median cost of cyber crime is now $5,9-million per year, a 56% increase from the median cost in last year’s study. In addition, more than 90% of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.
* During a four-week period, organisations surveyed experienced an average of 72 successful attacks per week, an increase of nearly 45% from last year.
* The average time to resolve a cyber attack is 18 days, with an average cost of nearly $416 000. This is an increase of approximately 70 percent from the estimated cost of $250 000 during a 14-day resolution period in last year’s study.
In addition, another study from Coleman Parkes, commissioned by HP, surveyed senior business and technology executives on their perspectives on risk, security threats and current priorities. When asked what type of risk management is most critical to enterprises, the study revealed that financial risk was most critical to enterprises.
In terms of threats representing the highest potential risk to organisations, executives agree the first is economic; selected by one out of two respondents, with technological a close second.
That study also indicated that while executives are aware of potential security threats, they lack confidence in their organisations’ risk management practices. Specifically, only 295 of business and 27% of technology leaders indicated that their organisations were very well defended against security threats.
Executives surveyed also expressed that the volume and complexity of risks and threats continue to escalate. Nearly 70% of executives said that the complexity of risks has increased.
* More than 50% of executives believe that security breaches within their organisations have increased during the last year, with 27% responding that, in the past year, they experienced a security breach by unauthorised internal access while 20% responded that they had experienced an external breach.
* In the past 12 months, 21% of respondents said their organisations suffered from identity and privilege abuse due to a security breach, 19% endured business interruption, 19% experienced unwanted disclosure, 13% reported unsafe transactions, and 28% had to deal with compliance management issues.
* Platform vulnerabilities were identified as most critical to organisations, followed by network, application and device vulnerabilities.
* More than half of the respondents indicated that security will be a major priority for 2012, while 48% believe that their security budget will increase in the next budget cycle.