Despite widespread awareness, more and more cyber attacks are plaguing business and government organisations, costing them an average of US$5.9m a year, new research suggests.
The Second Annual Cost of Cyber Crime Study, conducted by the Ponemon Institute, revealed the average annual cost of cyber crime for the organisations surveyed ranged from US$1.5m to US$36.5m per organisation.
This represents an increase of 56pc from the average cost reported in the inaugural study published in July 2010.
Recovery and detection are costing organisations the most money, the survey found.
“Instances of cyber crime have continued to increase in both frequency and sophistication, with the potential impact to an organisation’s financial health becoming more substantial,” said Tom Reilly, vice-president and general manager, Enterprise Security, HP.
“Organisations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cyber crime.”
Within a period of four weeks, the organisations surveyed reported 72 successful cyber attacks per week, which is an increase of 45pc from the previous year. Malicious code, denial of service, stolen devices and web-based attacks were behind more than 90pc of all cyber crime costs.
The Second Annual Cost of Cyber Crime Study provides insight into the level of investment and resources needed to prevent or mitigate the consequences of a cyber attack. Key findings include:
- Cyber attacks can be costly if not resolved quickly. The average time to resolve a cyber attack is 18 days, with an average cost to participating organisations of nearly US$416,000. This represents a nearly 70pc rise from the estimated cost of US$250,000 over a 14-day resolution period in last year’s study. Results also showed that malicious insider attacks can take more than 45 days to contain.
- Deploying advanced security intelligence and risk management solutions can mitigate the impact of cyber attacks. Organisations that had deployed security information and event management (SIEM) solutions realised a cost savings of nearly 25pc, resulting from the enhanced ability to quickly detect and contain cyber crimes. As a result, these organisations experienced a substantially lower cost of recovery, detection and containment than organisations that had not deployed SIEM solutions.
“As the sophistication and frequency of cyber attacks increases, so, too, will the economic consequences,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute. “Figuring out how much to invest in security starts with understanding the real cost of cyber crime.”