Cost of cyber crime increases 78 percent in four years
HP has released the results of a global study conducted with the Ponemon Institute indicating that the cost, frequency and time taken to resolve cyber attacks has risen for the fourth consecutive year.
The 2013 Cost of Cyber Crime Study found that the average annualized cost of cyber crime incurred by a benchmark sample of US organizations was $11.56 million, representing a 78 percent increase since the initial study was conducted four years ago and 26 percent up on the figure reported in 2012. The results also show that the time it takes to resolve a cyber attack has increased by nearly 130 percent during this same period, with the average cost incurred to resolve a single attack totaling more than $1 million.
The number of attacks have increased too with organizations experiencing an average of 122 successful attacks per week, up from 102 attacks per week in 2012. The average time to resolve a cyber attack was 32 days, with an average cost incurred during this period of $1,035,769, or $32,469 per day -- a 55 percent increase over last year's estimated average cost of $591,780 for a 24-day period.
"The threat landscape continues to evolve as cyber attacks grow in sophistication, frequency and financial impact," says Frank Mong, vice president and general manager, Solutions, Enterprise Security Products, HP. "For the fourth consecutive year, we have seen the cost savings that intelligent security tools and governance practices can bring to organizations, and as HP, we are committed to continuing to deliver both industry-leading solutions and research to further disrupt the threat life cycle of the adversary".
When it comes to the cost of attacks, the report reveals that the most costly cyber crimes are caused by denial-of-service, malicious-insider and web-based attacks, together accounting for more than 55 percent of all cyber crime costs per organization. Information loss accounts for 43 percent of total external costs, down 2 percent from 2012. Business disruption or lost productivity accounts for 36 percent of external costs, an increase of 18 percent over 2012. Recovery and detection account for 49 percent of internal costs.
Cybercrime cost varies by company size, but smaller organizations incur a significantly higher per-capita cost. Organizations in financial services, defense, and energy and utilities experience substantially higher cyber crime costs than those in other sectors.
Organizations using security intelligence technologies were more efficient in detecting and containing cyber attacks, experiencing an average cost saving of nearly $4 million per year, and a 21 percent return on investment over other technology categories. Deploying good security practices and employing expert staff can reduce cyber crime costs and result in estimated savings of $1.5 million per year.
Findings from the study will be presented via webcast on October 29 and 30. Details for the webinar can be found at https://www.brighttalk.com/r/ghs.