The average annualized cost of cyber crime for U.S. organizations was $11.56 million, which is a 78 percent hike from four years ago, a new study found.
The 2013 Cost of Cyber Crime Study by HP and the Ponemon Institute found the average annualized cost of cybercrime incurred by a benchmark sample of U.S. organizations was $11.56 million, a 78 percent increase since the initial study four years ago.
The results also found the time it takes to resolve a cyber attack increased by nearly 130 percent during this same period, with the average cost incurred to resolve a single attack totaling more than $1 million.
With the average cost of an attack coming in at $11.56 million and the cost to resolve an attack at $1 million, it may just behoove a manufacturing automation company to employ some type of defense in depth program to stave off attackers and protect the $12.56 million total cost of an attack.
The survey relied upon real-world experiences and in-depth interviews with more than 1,000 security professionals around the globe, Ponemon officials said.
The sophistication of cyber attacks has grown exponentially in recent years, as the bad guys specialize and share intelligence in order to obtain sensitive data and disrupt critical enterprise functions.
Advanced security intelligence tools such as security information and event management (SIEM), network intelligence systems, and big data analytics, can significantly help to mitigate data threats and reduce the cost of cybercrime, according to the study.
Key findings include:
• The average annualized cost of cybercrime incurred per organization was $11.56 million, with a range of $1.3 million to $58 million. This is an increase of 26 percent, or $2.6 million, over the average cost reported in 2012.
• Organizations experienced an average of 122 successful attacks per week, up from 102 attacks per week in 2012.
• The average time to resolve a cyber attack was 32 days, with an average cost incurred during this period of $1,035,769, or $32,469 per day—a 55 percent increase over last year’s estimated average cost of $591,780 for a 24-day period.
“The threat landscape continues to evolve as cyber attacks grow in sophistication, frequency and financial impact,” said Frank Mong, vice president and general manager, Solutions, Enterprise Security Products, HP.
“For the fourth consecutive year, we have seen the cost savings that intelligent security tools and governance practices can bring to organizations, and as HP, we are committed to continuing to deliver both industry-leading solutions and research to further disrupt the threat life cycle of the adversary,” he said.
The real cost of cyberattacks:
• The most costly cybercrimes are denial-of-service, malicious-insider and web-based attacks, together accounting for more than 55 percent of all cybercrime costs per organization on an annual basis.
• Information theft continues to represent the highest external costs, with business disruption a close second. On an annual basis, information loss accounts for 43 percent of total external costs, down 2 percent from 2012. Business disruption or lost productivity accounts for 36 percent of external costs, an increase of 18 percent from 2012.
• Recovery and detection are the most costly internal activities. For the past year, recovery and detection combined accounted for 49 percent of the total internal activity cost, with cash outlays and labor representing the majority of these costs.
• Cybercrime cost varies by company size, but smaller organizations incur a significantly higher per-capita cost than larger organizations.
• Organizations in financial services, defense, and energy and utilities experience substantially higher cybercrime costs than those in retail, hospitality and consumer products.
Security intelligence solutions and governance practices make the difference:
• Organizations using security intelligence technologies were more efficient in detecting and containing cyber attacks, experiencing an average cost savings of nearly $4 million per year, and a 21 percent return on investment (ROI) over other technology categories.
• Deployment of enterprise security governance practices including investing in adequate resources, appointing a high-level security leader, and employing certified or expert staff can reduce cybercrime costs and enable organizations to save an estimated average of $1.5 million per year.
“Information is a powerful weapon in an organization’s cyber security arsenal,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.