IT Attacks Cost Companies $200K a Year

May 23, 2012

The result of not bulking up information security efforts could cost companies more than $200,000, a study reveals.

Independently conducted by the Ponemon Institute, the "Impact of Cybercrime on Businesses" survey states that targeted attacks cost enterprises an average of $214,000. The expenses are associated with a forensic investigation, investments in technology and brand recovery costs.

The report polled 2,618 C-level executive and IT security personnel from the United States, United Kingdom, Germany, Hong Kong and Brazil. Its purpose was to identify commonalities among the countries.

The report noted that:

The level of risk for cybercrime varies among countries. DoS attacks are considered to pose the

greatest risk to organizations. Respondents in the U.S., UK and Hong Kong report they are most

worried about denial of service attacks and in Brazil respondents are concerned about viruses, worms

and trojans. Social engineering is the greatest concern in Germany.

An average of 43 percent of respondents report SQL injections as the most serious attacks their

organizations experienced in the past two years. More than one-third of organizations represented in

this research experienced APTs (35 percent), botnets (33 percent) and DoS attacks (32 percent).

Organizations face an average of 66 cyber attacks weekly that cause business disruptions.

Organizations in Germany and the U.S. experience the highest average rate of weekly attacks, 82

and 79 respectively. Brazil and Hong Kong have the lowest frequency, on average 47 and 54 per

week respectively. On average, respondents believe 17 percent of machines and mobile devices

within their organizations have been infected by an act of cybercrime.

Respondents in all countries reported the most serious consequences are business disruption and

loss of sensitive information, including intellectual property and trade secrets. Of least concern as a

consequence of cybercrime, with the exception of respondents in the UK, are diminished reputation

and brand name followed by equipment damages

The hacker’s motivation. While respondents may have different perceptions about which cyber risks

are most detrimental to their businesses, they all agree that the primary goal for cybercriminals is

financial fraud and/or access to the company’s financial records. In the U.S. and UK, financial gain is

followed by theft of customer data. Approximately five percent of security attacks are motivated by

political or ideological agendas.

Cybercrime continues to be costly for businesses worldwide. In the aftermath of one cybercrime

attack, the cost to investigate, recover brand and reputation and invest in technologies ranges from

an average high of $298,359 (U.S. $ dollars) for German organizations to an average low of $106,904

(U.S. $ dollars) for Brazilian organizations.

Too little is done in many countries to prevent cybercrime. While the majority of companies have

the important security building blocks, such as firewalls and IPS, needed for their security

infrastructure, less than half of organizations in this study have advanced protections to fight botnets

and APTs. The majority of organizations in the U.S. and Germany are deploying solutions and training that are

more specific to addressing cyber risk such as anti-bot, application controls and security intelligence

systems. Whereas, other countries represented in this study are lagging behind in their cyber security

readiness.

The full report is at: http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

IT Attacks Cost Companies $200K a Year

Related Articles

Related Products

Report Abusive Comment