Hacking Hit$ Where it Hurt$

Survey shows economic impact of cyber crime on businesses up 56 percent in one year.

A new report by the Ponemon Institute and Hewlett-Packard (HP) shows both the frequency and costs of cyber attacks on a representative sample of businesses are up significantly from just one year ago. In the second annual Cost of Cyber Crime Study, the median annualized cost of cyber crime is estimated by the Ponemon Institute to be more than $5.9 million every year for large companies. This is a 56% increase from 2010. Among those types of businesses in the survey's sample group, the actual yearly cost of cyber crime prevention, recovery and investigation ranged from $1.5 million to more than $36.5 million.

By contrast, the median cost of cyber crime in the inaugural 2010 study was about $3.8 million among a similar sample of big companies. The latest study also reveals a large increase in the number of attacks suffered compared to one year ago. During only a four-week period, the surveyed businesses experienced a total of 72 attacks per week, nearly a 45% increase from 2010. Nearly all the attacks came in the form of malicious code, denial of service, theft of electronic devices and/or Web-based attacks.

In terms of cost, the Ponemon Institute found that cyber attack detection and recovery tend to be the most expensive aspects of information assurance. Those businesses that can build and maintain automated systems to detect attacks and begin the process of system recovery can effectively reduce the economic impact of cyber crime.

When averaged out across all attacks against all businesses surveyed in the 2011 study, each cyber attack cost the victim company more than $416,000 and took 18 days to resolve. In 2010, those figures were about $250,000 and 14 days, respectively. Attacks carried out by a malicious insider are easily the most expensive and time consuming, according to the study. Those cyber crimes often take more than 45 days to contain.

The study found companies that deployed Security Information and Event Management (SIEM) software were able to reduce the overall cost of cyber crime by 25% compared to those companies without the technology in place. SIEM software aids information assurance professionals in the detection and containment of real-time cyber attacks, two areas that contribute significantly to the costs of cyber defense.

As companies of all sizes place greater emphasis on the importance of cyber defense and data integrity, and therefore contribute larger portions of their budgets to the cause, the Ponemon study offers critical insight into the rising costs and frequency of cyber attacks.

Information assurance professionals must be ready to face a continuing rise in the number and severity of cyber attacks as they prepare to deliver maximum value to their employers.

Source: "HP Research Reveals 56 Percent Rise in Cost of Cybercrime"