Cybercrime costs up nearly 40pc, attack frequency doubles – study

9 Oct 2012

The occurrence of cyberattacks has more than doubled for the third year in a row while the associated costs have increased by nearly 40 pc, the 2012 Cost of Cyber Crime Study suggests.

Conducted by the Ponemon Institute and sponsored by HP, the study found the average annualised cost of cybercrime incurred by a sample of US organisations was US$8.9m. This represents a 6pc increase over the average cost reported in 2011, and a 38pc increase over 2010.

The 2012 study also revealed a 42pc jump in the number of cyberattacks, with organisations experiencing an average of 102 successful attacks per week, compared to 72 attacks per week in 2011 and 50 attacks per week in 2010. 

“Organisations are spending increasing amounts of time, money and energy responding to cyberattacks at levels that will soon become unsustainable,” said Michael Callahan, vice-president, Worldwide Product and Solution Marketing, Enterprise Security Products, HP.

“There is clear evidence to show that the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of these attacks.”

Organisations that deployed security information and event management (SIEM) solutions saved nearly US$1.6m per year. As a result, these organisations had a lower cost of recovery, detection and containment than organisations that had not deployed SIEM solutions.

Cyberattacks that are not resolved quickly can also increase the cost. The average time to resolve a cyberattack is 24 days, but it can take up to 50 days, according to this year’s study. The average cost incurred during this 24-day period was US$591,780, representing a 42pc increase over last year’s estimated average cost of US$415,748 during an 18-day average resolution period.

Costliest cybercrimes

The most costly cybercrimes are those caused by malicious code, denial of service, stolen or hijacked devices, and malevolent insiders. When combined, these account for more than 78pc of annual cybercrime costs per organisation.

Information theft and business disruption represent the highest external costs. On an annual basis, information theft accounts for 44pc of total external costs, up 4pc from 2011. Disruption to business or lost productivity accounted for 30pc of external costs, up 1pc from 2011.

Recovery and detection remain the costliest internal activities associated with cybercrime. On an annual basis, these activities account for almost half of the total internal cost, with operating expenses and labour representing the majority of the total.

“The purpose of this benchmark research is to quantify the economic impact of cyberattacks and observe cost trends over time,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute.

“We believe a better understanding of the cost of cybercrime will assist organisations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.”