Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Cyber Security News / Security Newswire

Cost of Cybercrime Increases 78 Percent

October 8, 2013
/ Print / Reprints /
ShareMore
/ Text Size+

The cost, frequency and time to resolve cyberattacks continue to rise for the fourth consecutive year, says a report by the Ponemon Institute.

Conducted by the Ponemon Instituteand sponsored by HP Enterprise Security Products, the 2013 Cost of Cyber Crime Study found that the average annualized cost of cybercrime incurred by a benchmark sample of U.S. organizations was $11.56 million, representing a 78 percent increase since the initial study was conducted four years ago. The results also revealed that the time it takes to resolve a cyberattack has increased by nearly 130 percent during this same period, with the average cost incurred to resolve a single attack totalling more than $1 million.

The sophistication of cyberattacks has grown exponentially in recent years, as adversaries both specialize and share intelligence in order to obtain sensitive data and disrupt critical enterprise functions. According to the 2013 Cost of Cyber Crime Study, advanced security intelligence tools such as security information and event management (SIEM), network intelligence systems, and big data analytics, can significantly help to mitigate data threats and reduce the cost of cybercrime.(1)

Key findings from the 2013 study include:

  • The average annualized cost of cybercrime incurred per organization was $11.56 million, with a range of $1.3 million to $58 million. This is an increase of 26 percent, or $2.6 million, over the average cost reported in 2012.
  • Organizations experienced an average of 122 successful attacks per week, up from 102 attacks per week in 2012.
  • The average time to resolve a cyberattack was 32 days, with an average cost incurred during this period of $1,035,769, or $32,469 per day—a 55-percent increase over last year’s estimated average cost of $591,780 for a 24-day period.

“The threat landscape continues to evolve as cyberattacks grow in sophistication, frequency and financial impact,” said Frank Mong, vice president and general manager, Solutions, Enterprise Security Products, HP. “For the fourth consecutive year, we have seen the cost savings that intelligent security tools and governance practices can bring to organizations, and as HP, we are committed to continuing to deliver both industry-leading solutions and research to further disrupt the threat life cycle of the adversary.”

The most costly cybercrimes are caused by denial-of-service, malicious-insider and web-based attacks, together accounting for more than 55 percent of all cybercrime costs per organization on an annual basis.

  • Information theft continues to represent the highest external costs, with business disruption a close second.(6) On an annual basis, information loss accounts for 43 percent of total external costs, down 2 percent from 2012. Business disruption or lost productivity accounts for 36 percent of external costs, an increase of 18 percent from 2012.
  • Recovery and detection are the most costly internal activities. For the past year, recovery and detection combined accounted for 49 percent of the total internal activity cost, with cash outlays and labor representing the majority of these costs.
  • Cybercrime cost varies by company size, but smaller organizations incur a significantly higher per-capita cost than larger organizations.
  • Organizations in financial services, defense, and energy and utilities experience substantially higher cybercrime costs than those in retail, hospitality and consumer products.

Organizations using security intelligence technologies were more efficient in detecting and containing cyberattacks, experiencing an average cost savings of nearly $4 million per year, and a 21 percent return on investment (ROI) over other technology categories, the survey says. In addition, deployment of enterprise security governance practices including investing in adequate resources, appointing a high-level security leader, and employing certified or expert staff can reduce cybercrime costs and enable organizations to save an estimated average of $1.5 million per year.

“Information is a powerful weapon in an organization's cybersecurity arsenal,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Based on real-world experiences and in-depth interviews with more than 1,000 security professionals around the globe, the Cost of Cyber Crime research provides valuable insights into the causes and costs of cyberattacks. The research is designed to help organizations make the most cost-effective decisions possible in minimizing the greatest risks to their companies.”

In addition to the fourth annual study of U.S. companies, Ponemon conducted cybercost studies for companies in Australia, Germany, Japan and the United Kingdom for the second year in a row. A study of French companies was conducted for the first time this year. Of the countries surveyed, the U.S. sample reported the highest total average cost of cybercrime, at $11.6 million, while the Australia sample reported the lowest, at $3.7 million. The global results are available in a separate report entitled, 2013 Global Report on the Cost of Cyber Crime.

Findings from the studies will be presented via webcast on Oct. 29 and 30. Details for the U.S. webinar can be found at https://www.brighttalk.com/r/ghs.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+