Cybercrime Cleanup Costs Spike

Ponemon study finds median cost of responding to successful security breaches increased by 56% over the past year, thanks to more persistent and sophisticated attackers.

Mathew J. Schwartz, Contributor

August 2, 2011


Over the past year, the median cost of cybercrime increased by 56%, and cybercrime now costs companies an average of $6 million per year.

That finding comes from Ponemon Institute, which on Tuesday released its Second Annual Cost of Cyber Crime Study, sponsored by HP ArcSight. For the study, Ponemon questioned 50 U.S.-based businesses, ranging in size from 700 to 139,000 employees, about "the direct, indirect, and opportunity costs that resulted from the loss or theft of information, disruption to business operations, revenue loss, and destruction of property, plant, and equipment."

Ponemon found that from 2010 to 2011, the time and cost required to respond to security breaches increased. Notably, the time organizations required to respond to a successful attack increased from 14 days last year to 18 days this year. Over the same period, the average daily cost of attacks increased from $17,600 to nearly $23,000.

In addition, the study found that organizations experienced an average of "72 discernible and successful cyber attacks per week," which is an increase of 44% from the previous year. Of the resulting costs incurred by organizations, the largest was information loss (accounting for 40% of the total cost), followed by business disruption (28%), revenue loss (18%), and equipment damage (9%).

The increase in attack frequency--as well as companies seeing more sophisticated attacks--has led to related increases in cleanup costs and duration. "Really determined attackers often establish multiple beachheads within an organization, so cleaning up an attack is not just about quarantining one device," said Ryan Kalember, director of product marketing at HP ArcSight, in an interview. In other words, once attackers break in, identifying the potentially breached information, as well as all systems that may have been infected with rootkits, backdoors, or other malware, becomes more difficult.

In terms of attack type, 100% of organizations reported experiencing viruses, worms, or Trojans, followed by malware (96%), botnets (82%), Web-based attacks (64%), stolen devices (44%), malicious code (42%), malicious insiders (30%), and phishing and social engineering (30%).

Some types of attacks cost more and take more time to fix. Overall, the costliest attacks involved denial of service, and cost companies in total about $188,000 per year, weighted by frequency of attacks. That was followed by Web-based attacks ($142,000), malicious code ($127,000), and malicious insiders ($105,000).

Once an organization suffered a breach, its cleanup spending, on an annualized and proportional basis, went to recovery (24%), followed by detection (21%), containment (16%), investigation (16%), and ex-post response, including remediation (15%). In terms of industries, the defense sector spent the most money responding to and mitigating attacks, followed by utilities and energy companies, and financial services firms.

This Ponemon study's results differ notably from other data breach cost studies, such as Symantec's annual study on the cost of data breaches (also conducted by Ponemon), or the 2011 Data Breach Investigations Report from Verizon. Notably, this new study found that the defense sector, as well as utilities and energy companies, faced the most breaches per year--whereas the Verizon study said that the hospitality and retail sectors were hardest hit.

Kalember at HP ArcSight said many of the differences can be explained by this study focusing on overall cyber crime, rather than individual breaches. In addition, the data set used by Verizon draws from Secret Service and Dutch High Tech Crime Unit investigations, meaning it's based on incidents that companies report to authorities. "But I'm guessing that most cyber crime that happens in these organizations doesn't get reported to police," said Kalember. In addition, while this Ponemon report focused on cyber crime, the Verizon study took a broader approach, for example including card-skimming attacks that harvest debit and credit card data.

Regardless of the data set, numerous studies, including this one, suggest that online attacks are growing more sophisticated, and thus more dangerous. "The fact that discernible attacks in this year's study have increased--coupled with the fact that the time to resolve attacks has also increased--suggests the cyber crime landscape continues to evolve in terms of attack severity and frequency," according to the study. "In other words, results of the present study suggest things might be getting worse."


About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
