The cost and frequency of cybercrime continues to rise for the third straight year, according to new research from HP.
In the company’s third annual study of U.S. companies, the occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent, according to a press release.
The 2012 Cost of Cyber Crime Study found that the average annualized cost of cybercrime incurred by a benchmark sample of U.S. organizations was $8.9 million, representing a 6 percent increase over the average cost reported in 2011 and a 38 percent increase over 2010, the report says.
The new study also revealed a 42 percent increase in the number of cyber attacks, with organizations experiencing an average of 102 successful attacks per week, compared to 72 in 2011 and 50 in 2010.
According to the report, the most costly cybercrimes continue to be caused by malicious code, denial of service, stolen or hijacked devices, and malevolent insiders. When combined, these can account for more than 78 percent of annual cybercrime costs per organization.
Additional key findings include:
Information theft and business disruption continue to represent the highest external costs. On an annual basis, the report states, information theft accounts for 44 percent of total external costs, up 4 percent from 2011. Disruption to business or lost productivity accounts for 30 percent of external costs.
Deploying advanced security intelligence solutions can mitigate the impact of cyber attacks. Organizations that have deployed security information and event management (SIEM) solutions realized a cost-savings of nearly $1.6 million per year, according to the report. As a result, these companies experience lower costs of recovery, detection and containment.
Cyber attacks are costly if left unattended. The average time to resolve a cyber attack is 24 days, but it can take up to 50 days, according to the HP study. The average cost incurred during the 24-day period is $591,780 – a 42 percent increase over 2011’s estimated average cost of $415,748 during an 18-day average resolution period.
Recovery and detection remain the most costly internal activities associated with cybercrime. On an annual basis, the report says, these activities account for almost half of the total internal cost, with operating expenses and labor representing the majority of the total, the press release says.