IT | Security

The Cost of Cyber Crime is Increasing

By: Absolute Editorial Team | 10/29/2014

The Ponemon Institute, on behalf of HP, released their Cost of Cyber Crime Study, which looks at the costs of data breaches associated with traditional cybercrime (viruses, worms, Trojans, malware) along with more advanced cover attacks and malicious insiders.

The Ponemon Institute surveyed 59 U.S. companies, performing 544 individual interviews, and overall surveyed 257 companies in 7 countries to understand these costs for the period of April 2013 to May 2014. According to the results, the US leads the world in both number and cost of cyber attacks.

The average cost of a data breach was $7.6 million, though the costs range from $500,000 to $61 million. These costs represent the detection, recovery, investigation and management of the incident response alone. The costs do not take into account the loss of public confidence and trust.

Insights from the survey include:

  • There were 429 cyber attacks detected by these 257 organizations in one 12 month period
  • These cyber attacks average to 1.6 attacks per week
  • The average time to contain a cyber attack was 31 days (this remediation period is increasing)
  • The mean annualized cost for the U.S. companies surveyed was $12.7 million, up 9.3% from last year
  • Malicious insiders cause the most expensive damage
  • Larger companies bear higher costs with data breaches, but small companies face a higher per employee cost
  • Companies that use security intelligent systems were more efficient in detecting and containing cyber attacks (reducing costs)

As we've seen with other studies, organizations that consider compliance a ‘base’ for security planning, instead taking the opportunity to set up a unified and layered approach to data protection, fare the best:

"Companies that invest in adequate resources, appoint a high-level security leader, and employ certified or expert staff have cyber crime costs that are lower than companies that have not implemented these practices,” says the report.

The report suggests that mitigating attacks and reduced breach costs can be achieved with SIE (security information and event management) suites, intrusion prevention systems, applications security testing solutions and enterprise GRC (governance, risk management and compliance) solutions.

Absolute can provide a solid GRC base for your endpoint management and security needs. For more on our data security offerings, read here.