Cost of cybercrime continues to increase for US companies

The Ponemon Institute as published its fifth report on the cost of cybercrime which provides interesting data on impact on the US companies.

Which is the cost of cybercrime suffered by US companies? The fifth annual report published by the Ponemon Institute and titled “2014 Global Report on the Cost of Cyber Crime” reveals that cyber attacks against large US companies (the Ponemon Institute focused on companies having more that 1,000 employees) result in an average of $12.7 million in annual damages.

The report, sponsored this year by Hewlett Packard’s Enterprise Security division, confirmed an increase of 9.7 percent from the previous year, the research has discovered that the economic losses are mainly related to business disruption and data breaches information loss account for nearly three-quarters of the cost of cybercrime incidents.

The sectors that suffers the higher cost of cybercrime according to the Ponemon Institute are energy and utility companies and the financial industry, the number of the attacks against both industries is increasing at a worrying trend.

The security posture of companies is significant in the evaluation of the cost of cybercrime they suffer, as explained in the report organizations that invest in security result lower costs associated with security incidents. Analyzing the economic benefit for the adoption of an efficient security policy, the expert at the Ponemon Institute observed a reduction of cost of cybercrime by an average of $2.6 million.

“Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.

An alarming data published in the report is the average company took detect a cyber attack against its systems, 170 days to detect an attack and 31 days on average to apply necessary mitigation actions. The most dangerous attacks are related to the activity of insiders, these attacks are more difficult to be detected and took about two months to resolve.

As explained in the Ponemon Institute, the cost of cybercrime depends on the size of the victims, the largest firms had greater cost of cybercrime, meanwhile smaller firms had higher damages per employee ($1,601 per worker).

Web-based attacks are most expensive incidents for smaller companies, followed by malware based attacks and denial-of-service attacks, meanwhile large enterprises mainly suffers denial-of-service attacks.

I consider very difficult to evaluate the overall cost of cybercrime for a company, the data proposed could give us an idea of the trends on the topic, but in my opinion probably the real cost for companies is significantly higher.

Anyway I suggest you the reading of this interesting report.

Pierluigi Paganini

(Security Affairs – cost of cybercrime, Ponemon Institute)