The average cost of resolving a single cybercrime attack has climbed to more than $1 million, representing
a 55 percent increase over the estimated average cost reported last year. That’s one of several stunning findings in a newly released report that documents the rising cost, frequency and time it takes to resolve cyberattacks in the U.S.
The 2013 Cost of Cyber Crime is the fourth annual study of American companies, conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products. It found that cybercrime’s annualized cost for a company is now, on average, about $11.56 million, a 26 percent increase over the average cost in 2012.
The range of costs to combat cybercrime was $1.3 million to $58 million, and smaller organizations have a higher per capita cost that larger ones. Since the study was initiated four years ago, the average annualized cost has risen 78 percent. And, the time it takes to resolve a cyberattack has jumped nearly 130 percent over the same period, to 32 days in 2013. On average, organizations are weathering 122 successful attacks weekly, up from an average of 102 in 2012. This compares to an average of 72 attacks weekly in 2011 and 50 in 2010.
‘Cyberattacks Grow in Sophistication’
Frank Mong, vice president and general manager of Solutions for Enterprise Security Products at HP, said in a statement that “the landscape continues to evolve as cyberattacks grow in sophistication, frequency and financial impact.”
On the positive side, the study said that advanced intelligence solutions have resulted in organizations saving an average of $4 million annually, due to lower costs of recovery, detection and containment. These can include network intelligence systems, inclusion prevention systems, application security testing, governance, and risk management.
HP offers a Security Intelligence platform that incorporates advanced threat research and correlates between security events and vulnerabilities, to provide intelligence related to IT operations and . Its Threat Central, which HP has described as “Yelp for security intelligence,” is its portal for companies to share information about cyberattacks.
Information Theft, Business Disruption
Most of the attacks -- accounting for 55 percent of the annual total -- are caused by denial-of-service attacks (DOS), malicious insiders, and other Web-based attacks. Information theft is the cause of the highest external costs, followed by business disruption, while recovery and detection are the most costly internal activities.
In addition to this annual examination of the situation in the U.S., the Ponemon Institute also conducted studies of companies in Australia, Germany, Japan, the U.K. and France. Total average costs were highest in the U.S. and lowest in Australia.
Larry Ponemon, chairman of the Institute that bears his name, said in a statement that the annual study is intended to “help organizations make the most cost-effective decisions possible in minimizing the greatest risks to their companies.” The Ponemon Institute focuses on research relating to privacy, data and information security policy.
Posted: 2013-10-18 @ 7:14pm PT
@Enterprise Observer: You're right, but it's common practice with many hardware and software vendors in our industry... identify a problem... get it validated by an independent party... and show how your product or service offers the solution.
Posted: 2013-10-18 @ 7:11pm PT
Of course, this is how HP promotes its big $$ products. First, it sponsors a cybercrime "study" designed to decry the great costs of each cyber attack. Then, the sponsored study concludes that the costs of protecting against said cyberattacks are much, much higher than the cost of, say, an HP hardware/software system. And finally (surprise, surprise), HP puts out a press release to publicize the study and reminds potential customers that HP has a magical hardware/software system, that for the mere price of a couple hundred thousand $$, is a GREAT investment against the supposedly rising costs of cyberattacks. Cute, but VERY transparent, HP.