Cybercrime Costs Rise, Resolution Time Lengthens
October 9, 2013

HP, Ponemon Institute Release 2013 Cost of Cyber Crime Report

Enid Burns for - Your Universe Online

A new study conducted by the Ponemon Institute sponsored by HP Enterprise Security Products finds that the cost of cybercrime has grown 78 percent and the time it takes to resolve attacks has doubled. The 2013 Cost of Cyber Crime Study is the fourth annual study released to date.

The study shows that both frequency and time it takes to resolve cyberattacks continues to rise for the fourth consecutive year. Among US organizations, the monetary toll of cyberattacks reached $11.56 million, which is a 78 percent increase since the first study was conducted four years ago. Companies also take longer to address breaches. The study observed a 130 percent increase in the time it takes to resolve cyberattacks. This could be due to increasing complexity of the attacks. The Ponemon Institute estimates that each single attack totals more than $1 million for the corporation to resolve.

"The sophistication of cyberattacks has grown exponentially in recent years, as adversaries both specialize and share intelligence in order to obtain sensitive data and disrupt critical enterprise functions," said a corporate statement from HP Enterprise Security Products.

Successful attacks, where sensitive information is gleaned by cyber criminals, are on the rise. Organizations experienced an average of 122 successful attacks per week, up from an average 102 attacks per week in 2012.

The average time to resolve a cyberattack was 32 days. In that period, an average cost incurred by the company to secure its systems from the current and future attacks was $1,035,769. That equates to $32,469 per day. Ponemon Institute equates this to a 55 percent increase over the 2012 average cost of $591,780 over a 24-day period.

"The threat landscape continues to evolve as cyberattacks grow in sophistication, frequency and financial impact," said Frank Mong, vice president and general manager, Solutions, Enterprise Security Products, for HP. "For the fourth consecutive year, we have seen the cost savings that intelligent security tools and governance practices can bring to organizations, and as HP, we are committed to continuing to deliver both industry-leading solutions and research to further disrupt the threat life cycle of the adversary."

Cyberattacks take on several forms. The most costly forms of cybercrimes, according to HP, are caused by denial-of-service, malicious-insider, and web-based attacks. These attacks account for more than 55 percent of all cybercrime costs for organizations on an annual basis.

Information theft may be down the list, but is no less of a threat. Information theft can rack up high external costs and cause business disruption. On an annual basis, information loss accounts for 43 percent of total external costs. The good news is that figure is down 2 percent from 2012. Business disruption or lost productivity accounts for 36 percent of external costs, which is up 18 percent from 2012.

The United States is large target for cybercrime. "While the numbers are significant and up across the world, they are notably larger in the United States and Germany. Possible reasons are the number of attractive targets in these countries as well as more complicated and expensive regulatory compliance costs," wrote Larry Seltzer, in a ZD Net article.