Cybercrime costs are on the rise, according to the Ponemon Institute's 2015 Cost of Cyber Crime Study. The privacy and data protection research firm began conducting this annual study in 2009 with two goals in mind: 1) get an accurate calculation of how cyber attacks financially impact businesses every year, and 2) help businesses estimate how much money, technology and manpower they should invest to help protect against and recover from an attack.
The results of this year's study, which was based off of a representative sample of 252 organizations in seven countries, concluded that cyber attacks cost the average large U.S. company a startling $15.4 million a year. That's an 82 percent increase over Ponemon's inaugural study and a 12 percent jump over last year. Every country's report showed an increase in the cost of cyber crime, with Russia coming in at the lowest total average cost at $2.4 million. These numbers reflect the total costs involved to detect, recover, investigate and manage damage control. It also accounts for what businesses spend trying to reduce the costs associated with business disruptions and customer loss.
The biggest threat to a company's cybersecurity? Malicious insiders. This could be a current or former employee, business partner or contractor or sub-contractor with access to an organization's network and data. While virus, worms and Trojans are much more commonplace, they're far less expensive to detect and resolve.
When it comes to mitigating costs, resolution time proved to be a critical factor — in other words, the faster a business resolves a cyber attack, the less it will cost them in the end. Here in the U.S., it takes companies approximately 46 days to contain an attack, at an average cost of $21,115 per day. That's almost $1 million in less than two months.
These numbers may seem disheartening, but the study did cite potential solutions to help companies reduce these costs going forward. One common denominator that contributed to resolving cyber attacks faster, according to Ponemon's findings, was the deployment of security intelligence technologies. Companies that invested in those technologies were found to be more successful in detecting and containing attacks sooner than companies that did not. Likewise, companies that employ expert staff save an average of $1.5 million.
As cyber attacks continue to be an ever-present threat in today's world, investing in cybersecurity is no longer an option, says Brett Wahlin, VP and CISO for HP, who sponsored the study. It's a necessity. As an IT professional with a Master of Science in Information Assurance, you could help drive the cybersecurity revolution forward and become the solution for some of the world's biggest brands. Could you be the next-gen cyber hero?
Visit our Resource Center for more details on the information assurance industry.