Dark Reading is part of the Informa Tech Division of Informa PLC


5/3/2019
07:00 AM
Larry Loeb

Cybercrime Study Finds Increasing Costs as Well as Changing Targets & Methods

Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try to help leaders better target security investments and resources.

In the Ninth Annual Cost of Cybercrime Study, Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try to help leaders better target security investments and resources. They interviewed 2,647 senior leaders from 355 companies and drew on the experience and expertise of Accenture Security professionals to examine the economic impact of cyber attacks.

Accenture thinks that attacks are evolving in what they target, in how they impact organizations, and in the methods of attack that they employ. Extended supply chain threats are also challenging an organization's business ecosystem. Attackers have slowly shifted their attack patterns to exploit third- and fourth-party supply chain partner environments to gain entry to target systems, even in industries that have mature cybersecurity standards, frameworks and regulations. Supply chain attacks are a way around all that preparation.

The report finds information theft is the most expensive and fastest rising consequence of cybercrime. This kind of theft is expected, and it is without doubt the predominant mental threat model that the security team uses.

But data is not the only target. Core systems, such as industrial controls or other operational technology, are being attacked in a "dangerous trend to disrupt and destroy." Attacking an enterprise's data integrity or preventing data toxicity may be the next frontier in security.

One thing seems to be clear: Humans are increasingly targeted as the weakest link in cyber defenses.

The report found that the expanding threat landscape led to an increase in cyber attacks. The average number of security breaches in an enterprise during the last year grew by 11%, from 130 to 145.

While Internet dependency and the digital economy are flourishing, 68% of business leaders said their cybersecurity risks are also increasing. Almost 80% of organizations say that they are introducing digitally fueled innovation faster than their ability to secure it against cyber attackers.

Along with increased attack incidence came increased spending on remediation. The report found the average cost of cybercrime for an organization increased by US$1.4 million to US$13.0 million.

Accenture also found that the banking and utilities sectors continued to have the highest cost of cybercrime across their sample, with increases of 11% and 16%, respectively. The energy sector remained fairly flat over the year with a small increase of 4%, but the health industry experienced a slight drop in cybercrime costs of 8%.

There are location-based differences shown as well. The United States continued to top the danger list, with the average annual cost of cybercrime increasing by 29% in 2018 to reach US$27.4 million. However, the highest increase (31%) was experienced by organizations in the United Kingdom, where the cost grew to US$11.5 million, closely followed by Japan, where it increased by 30% in 2018 to reach US$13.6 million on average for each organization.

Expenditures for investigating a breach have decreased in three of the four years of analysis. Accenture says that the decreases in spend are due to improvements in forensic analysis capabilities and threat hunting tools. Another factor they cite influencing the reduction in spend is the expanded use of cloud services, which make the investigation of cyber threats more efficient.

The report shows that while the specifics of an attack will change over time, there are trends exhibited by those changes that can be of use.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
