August 4, 2011

Cybercrime Costs Rose 56% During Past Year

The costs of cybercrime to businesses and governments grew by 56 percent during the past year, according to an annual study by the Ponemon Institute.

The Institute's second annual "Cost of Cyber Crime" study revealed that the median annualized cost of cybercrime incurred by a benchmark sample of organizations ranged from $1.5 million to $36.5 million per organization, with a median yearly cost of $5.9 million.

The figures represent a 56 percent increase from those reported in the Institute's inaugural study, published in July 2010.

Recovery and detection are the most costly internal activities, the study found.

Hewlett Packard, which sponsored the research, said the findings demonstrate a cost-reduction opportunity for organizations that are able to automate detection and recovery through enabling security technologies.

"Instances of cybercrime have continued to increase in both frequency and sophistication, with the potential impact to an organization's financial health becoming more substantial," said Tom Reilly, vice president and general manager, Enterprise Security, for Hewlett-Packard.

"Organizations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cybercrime."

Cyberattacks against corporations and governments have become commonplace in recent years.  Indeed, over a four-week period, the organizations surveyed experienced 72 successful attacks per week "“ a 45 percent increase from last year.

Greater than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks, the study found.

The report also sheds light on the level of investments needed to prevent or mitigate the consequences of such an attack, and underscores how costly cyberattacks can be if not resolved quickly.

The study found the average time to resolve a cyberattack is 18 days, with an average cost of nearly $416,000 -- a 70 percent increase from last year.   Malicious insider attacks can often take more than 45 days to contain, according to the report.

Deploying advanced security intelligence and risk management solutions can mitigate this impact, Hewlett-Packard said.  

Indeed, organizations that had deployed security information and event management (SIEM) solutions saw a cost savings of nearly 25 percent, resulting from the enhanced ability to quickly detect and contain cybercrimes.

"As the sophistication and frequency of cyberattacks increases, so too will the economic consequences," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.

"Figuring out how much to invest in security starts with understanding the real cost of cybercrime."

Cybercriminals have targeted a number of large organizations this year, such as Sony, Nintendo, and Ericcson, in addition to the websites of Fox, PBS, and a number of government agencies.


On the Net: