IT Attacks Cost Companies $200K a Year
Failing to bulk up information security efforts could cost companies more than $200,000, a study reveals.
Independently conducted by the Ponemon Institute, the "Impact of Cybercrime on Businesses" survey states that targeted attacks cost enterprises an average of $214,000. The expenses are associated with a forensic investigation, investments in technology and brand recovery costs.
The report polled 2,618 C-level executives and IT security personnel from the United States, United Kingdom, Germany, Hong Kong and Brazil. Its purpose was to identify commonalities among the countries.
The report noted that:
The level of risk for cybercrime varies among countries. DoS attacks are considered to pose the greatest risk to organizations. Respondents in the U.S., UK and Hong Kong report they are most worried about denial of service attacks and in Brazil respondents are concerned about viruses, worms and trojans. Social engineering is the greatest concern in Germany.
An average of 43 percent of respondents report SQL injections as the most serious attacks their organizations experienced in the past two years. More than one-third of organizations represented in this research experienced APTs (35 percent), botnets (33 percent) and DoS attacks (32 percent).
Organizations face an average of 66 cyber attacks weekly that cause business disruptions. Organizations in Germany and the U.S. experience the highest average rate of weekly attacks, 82 and 79 respectively. Brazil and Hong Kong have the lowest frequency, on average 47 and 54 per week respectively. On average, respondents believe 17 percent of machines and mobile devices within their organizations have been infected by an act of cybercrime.
Respondents in all countries reported the most serious consequences are business disruption and loss of sensitive information, including intellectual property and trade secrets. Of least concern as a consequence of cybercrime, with the exception of respondents in the UK, are diminished reputation and brand name followed by equipment damages.
The hacker’s motivation. While respondents may have different perceptions about which cyber risks are most detrimental to their businesses, they all agree that the primary goal for cybercriminals is financial fraud and/or access to the company’s financial records. In the U.S. and UK, financial gain is followed by theft of customer data. Approximately five percent of security attacks are motivated by political or ideological agendas.
Cybercrime continues to be costly for businesses worldwide. In the aftermath of one cybercrime attack, the cost to investigate, recover brand and reputation and invest in technologies ranges from an average high of $298,359 (U.S. $ dollars) for German organizations to an average low of $106,904 (U.S. $ dollars) for Brazilian organizations.
Too little is done in many countries to prevent cybercrime. While the majority of companies have the important security building blocks, such as firewalls and IPS, needed for their security infrastructure, less than half of organizations in this study have advanced protections to fight botnets and APTs. The majority of organizations in the U.S. and Germany are deploying solutions and training that are more specific to addressing cyber risk such as anti-bot, application controls and security intelligence systems. Whereas, other countries represented in this study are lagging behind in their cyber security
The full report is at: http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf