The cost of cyber attacks, their frequency and the cost of resolving them has risen for the fourth year in a row.
This was revealed by Larry Ponemon, chairman and founder of the Ponemon Institute, presenting the results of the "2013 Cost of Cyber Crime Study: Global Report" - that is financed by HP.
Cyber crime is costing businesses millions, he said. The average cost of cyber attacks for the benchmarked sample of companies surveyed for the research is $7.2 million, per company, per year, although this figure ranged from $375 387 to $58 million. This represents a 30% increase from 2012's study.
The study showed the average time among the companies that participated to resolve a cyber attack was 27 days, with an average cost of $509 665 during that period. This cost is up 39% from 2012.
In terms of frequency, Ponemon said the companies that took part in the study experienced 343 successful attacks per week in total, or 1.4 successful attacks per company, per week. This is a 20% increase from 2012's successful attack figures that added up to 262 successful attacks per week across the companies surveyed.
A successful attack is defined by the study as one that results in the infiltration of an organisation's core networks or enterprise systems, and excludes the myriad attacks that are stopped by firewall defences.
At a glance
The study was the culmination of case studies across 234 companies, across the US, UK, France, Japan, Australia and Germany. The study aimed to show the direct, indirect and opportunity costs that resulted from information theft, disruption to business operations, revenue loss and destruction of property. It also aimed to show money spent on detection, investigation, incident response, containment, recovery and ex-post facto response.
According to Ponemon, it also attempted to quantify the economic impact of cyber attacks, and observe trends over time. For this reason, the study adopted a "field-based research" approach, conducting interviews of senior personnel, and gathering information on actual incidents. This took 10 months and nearly 2 000 interviews.
The heaviest costs
The study also revealed malicious insiders cost companies the most, along with denial of service and Web-based attacks. He said these attacks account for 44% of all cyber crime costs across the sample of companies globally, on an annual basis.
2013 Cost of Cyber Crime Study: Global Report
In a nutshell
* 234 companies across the US, UK, Germany, Australia, France and Japan took part
* 1 935 interviews with senior company personnel were conducted
* 1 372 attacks were used to measure the total cost
* $7.22 million is the average annualised cost per company
* 30% net increase in the cost of cyber attacks across the companies surveyed over the last year
In terms of external costs, business disruption proved the highest cost, followed by the costs associated with data loss. "Annually, business disruption and lost productivity account for 38% of external costs. Information loss accounts for 35%."
For internal costs, detection and recovery proved the most expensive activities, accounting for 54% of the total.
"In addition, although all industries fall victim to cyber crime - defence, financial services and energy organisations experienced substantially higher costs than those in retail, media and consumer products."
Better than cure
According to Ponemon, deployment of security intelligence systems has proven to be effective. Companies in the sample that used systems such as security information and event management were more efficient in detecting and containing cyber attacks, and boasted an average cost saving of almost $2 million per company annually, when compared to the sampled businesses without these technologies.
Moreover, the companies that deployed enterprise security governance practices also moderated the costs of cyber crime, and those that invested adequately in these resources saved on average $800 000 yearly.
Share
