Risk

10/6/2015
05:00 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Cost Of Cybercrime Reaches $15 Million Annually Per Org

Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.

The cost of cyberattacks continues to ratchet up in the U.S., with a ski slope of increases of about 20 percent year-over-year for the last six years, according to a new study out by Ponemon Institute. Sponsored by HP Enterprise Security, the 2015 Cost of Cyber Crime Study found that a benchmark sample of U.S. organizations experienced an average cost of cybercrime of $15 million.

“With cyberattacks growing in both frequency and severity, understanding of the financial impact can help organizations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” says Dr. Larry Ponemon, chairman and founder of Ponemon Institute.

The study shows that since 2009, the average cost of cybercrime per organization per year increased by 82 percent. This year the range was anywhere between $1.9 million and $65 million each year per company. While annualized cost increases as organizational size increases, small organizations incur more than double the per-capita cost than large organization, experiencing $1,571 in costs per seat compared to a larger organization's $667 per seat.

The study found that the longer an attack remains unresolved, the more expensive it is to an organization. Currently the average attack remains uncontained for 46 days at a cost of $1.9 million for this typical attack. 

Internally, the highest costs to an organization are for detection and recovery, accounting for 55 percent of internal activity costs incurred in both cash and labor. Meanwhile, information theft makes up 42 percent of external costs, followed by disruption to business, which makes up 36 percent.

Overall, the most expensive cybercrimes are the ones caused by denial-of-service attacks, malicious insiders and malicious code, which together make up 50 percent of all cybercrime costs.

"Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, applications security testing solutions and enterprise GRC solutions," Ponemon wrote in the report. For example, companies that used SIEM technology saved approximately $3.7 million compared to those that didn't.

Similarly, Ponemon reports that enterprise security governance practices will moderate the cost of cybercrime.

"Findings show companies that invest in adequate resources, employ certified or expert staff and appoint a high-level security leader have cyber crime costs that are lower than companies that have not implemented these practices," Ponemon said. "Specifically, a sufficient budget can save an average of $2.8 million, employment of certified/expert security personnel can save $2.1 million and the appointment of a high-level security leader can reduce costs by $2 million."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10727
PUBLISHED: 2018-07-20
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive ...
CVE-2018-8018
PUBLISHED: 2018-07-20
Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a spe...
CVE-2018-14415
PUBLISHED: 2018-07-20
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
CVE-2018-14418
PUBLISHED: 2018-07-20
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
CVE-2018-14419
PUBLISHED: 2018-07-20
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.