Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/6/2015
05:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cost Of Cybercrime Reaches $15 Million Annually Per Org

Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.

The cost of cyberattacks continues to ratchet up in the U.S., with a ski slope of increases of about 20 percent year-over-year for the last six years, according to a new study out by Ponemon Institute. Sponsored by HP Enterprise Security, the 2015 Cost of Cyber Crime Study found that a benchmark sample of U.S. organizations experienced an average cost of cybercrime of $15 million.

“With cyberattacks growing in both frequency and severity, understanding of the financial impact can help organizations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” says Dr. Larry Ponemon, chairman and founder of Ponemon Institute.

The study shows that since 2009, the average cost of cybercrime per organization per year increased by 82 percent. This year the range was anywhere between $1.9 million and $65 million each year per company. While annualized cost increases as organizational size increases, small organizations incur more than double the per-capita cost than large organization, experiencing $1,571 in costs per seat compared to a larger organization's $667 per seat.

The study found that the longer an attack remains unresolved, the more expensive it is to an organization. Currently the average attack remains uncontained for 46 days at a cost of $1.9 million for this typical attack. 

Internally, the highest costs to an organization are for detection and recovery, accounting for 55 percent of internal activity costs incurred in both cash and labor. Meanwhile, information theft makes up 42 percent of external costs, followed by disruption to business, which makes up 36 percent.

Overall, the most expensive cybercrimes are the ones caused by denial-of-service attacks, malicious insiders and malicious code, which together make up 50 percent of all cybercrime costs.

"Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, applications security testing solutions and enterprise GRC solutions," Ponemon wrote in the report. For example, companies that used SIEM technology saved approximately $3.7 million compared to those that didn't.

Similarly, Ponemon reports that enterprise security governance practices will moderate the cost of cybercrime.

"Findings show companies that invest in adequate resources, employ certified or expert staff and appoint a high-level security leader have cyber crime costs that are lower than companies that have not implemented these practices," Ponemon said. "Specifically, a sufficient budget can save an average of $2.8 million, employment of certified/expert security personnel can save $2.1 million and the appointment of a high-level security leader can reduce costs by $2 million."

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5162
PUBLISHED: 2020-02-25
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as t...
CVE-2019-5165
PUBLISHED: 2020-02-25
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker ...
CVE-2020-9383
PUBLISHED: 2020-02-25
An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
CVE-2019-5136
PUBLISHED: 2020-02-25
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands ...
CVE-2019-5137
PUBLISHED: 2020-02-25
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.