Cost of cybercrime continues to increase for US companies

The Ponemon Institute as published its fifth report on the cost of cybercrime which provides interesting data on impact on the US companies.

Which is the cost of cybercrime suffered by US companies? The fifth annual report published by the Ponemon Institute and titled “2014 Global Report on the Cost of Cyber Crime” reveals that cyber attacks against large US companies (the Ponemon Institute focused on companies having more that 1,000 employees) result in an average of $12.7 million in annual damages.

The report, sponsored this year by Hewlett Packard’s Enterprise Security division, confirmed an increase of 9.7 percent from the previous year, the research has discovered that the economic losses are mainly related to business disruption and data breaches information loss account for nearly three-quarters of the cost of cybercrime incidents.

The sectors that suffers the higher cost of cybercrime according to the Ponemon Institute are energy and utility companies and the financial industry, the number of the attacks against both industries is increasing at a worrying trend.

The security posture of companies is significant in the evaluation of the cost of cybercrime they suffer, as explained in the report organizations that invest in security result lower costs associated with security incidents. Analyzing the economic benefit for the adoption of an efficient security policy, the expert at the Ponemon Institute observed a reduction of cost of cybercrime by an average of $2.6 million.

“Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.

An alarming data published in the report is the average company took detect a cyber attack against its systems, 170 days to detect an attack and 31 days on average to apply necessary mitigation actions. The most dangerous attacks are related to the activity of insiders, these attacks are more difficult to be detected and took about two months to resolve.

As explained in the Ponemon Institute, the cost of cybercrime depends on the size of the victims, the largest firms had greater cost of cybercrime, meanwhile smaller firms had higher damages per employee ($1,601 per worker).

Web-based attacks are most expensive incidents for smaller companies, followed by malware based attacks and denial-of-service attacks, meanwhile large enterprises mainly suffers denial-of-service attacks.

I consider very difficult to evaluate the overall cost of cybercrime for a company, the data proposed could give us an idea of the trends on the topic, but in my opinion probably the real cost for companies is significantly higher.

Anyway I suggest you the reading of this interesting report.

Pierluigi Paganini

(Security Affairs – cost of cybercrime, Ponemon Institute)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.