Ponemon statistics 2012 on cost of cybercrime

At the American Enterprise Institute (AEI) event “Cybersecurity and American power,” Gen. K.B. Alexander, director of the National Security Agency (NSA) and chief at the Central Security Service (CSS), described cybercrime as “the greatest transfer of wealth in history,” alerting the government to the emergency of intellectual property theft due to cyber espionage.

“Symantec placed the cost of IP theft to the United States companies at $250 billion a year, global cybercrime at $114 billion annually ($388 billion when you factor in downtime), and McAfee estimates that $1 trillion was spent globally under remediation. And that’s our future disappearing in front of us. So, let me put this in context, if I could. We have this tremendous opportunity with the devices that we use. We’re going mobile, but they’re not secure. Tremendous vulnerabilities. Our companies use these, our kids use these, we use these devices, and they’re not secure,” he said.

The senior official's statement highlights the problem of cybercrime and its impact on global economies. It has been estimated that the average annual cost of cybercrime increased 6 percent over the previous year, reaching $8.9 million in 2012.

A recent study by the Ponemon Institute revealed that the growth has been driven by attacks on websites, denial-of-service attacks and malicious insiders.

The research presents an alarming scenario: every company is a daily victim of different types of attack, such as malware and DDoS, with dramatic consequences. Data breaches, system destruction and network violations are the most common effects suffered by companies, with an estimated average of 1.8 successful attacks each week.

In September, security firm FireEye released an interesting report named “Advanced Threat Report,” covering the first half of 2012, that provides an overview of the current threat landscape, evolving advanced malware and advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations’ networks today.

Organizations are witnessing an impressive increase in advanced malware that bypasses their traditional security defenses. Many agents have been detected that are able to elude common defense mechanisms, a problem that afflicts all sectors, from defense to energy.

Organizations are facing a dramatic explosion in the spread of advanced malware, both in volume and in its effectiveness at bypassing traditional signature-based security mechanisms.

Larry Ponemon, chairman and founder of the Ponemon Institute, confirmed the dangerous trend:

“Stealth is definitely a factor, but they are also more complex,” “You think everything is cleaned up and then you find out the very next day that there is something still in your system.”

The Ponemon study states that companies are spending a lot of effort on detecting attacks early to mitigate their effects: “enterprises with access governance tools and systems required by compliance saved $1.6 million and $1.5 million, respectively.”

The research reports that almost all of the firms surveyed suffered a malware attack, while 71 percent encountered a computer that had been used as a bot agent.

The analysis reported a 42 percent increase in the number of cyberattacks, with organizations experiencing an average of 102 successful attacks per week, compared to 72 attacks per week in 2011 and 50 attacks per week in 2010.

Rapid resolution of attacks has assumed great importance relative to detection activities; consider that the average resolution time for a cyber-attack is around 24 days, versus 18 days the previous year.

The average cost incurred during this 24-day period was $591,780, an impressive amount and an increase of 42 percent over last year, when the average resolution period was 18 days.

The ranking of annual cybercrime costs by country is led by US firms with $8.9 million, followed by German companies at $6 million and U.K. firms third at $5.2 million, with notable differences in how costs are split between, for example, detection activities and recovery.

Data theft and business disruption are the most expensive cyber threats: “on an annual basis, information theft accounts for 44 percent of total external costs, up 4 percent from 2011. Disruption to business or lost productivity accounted for 30 percent of external costs, up 1 percent from 2011”.

The report demonstrates the increasing cost of cybercrime borne by organizations to prevent and mitigate the effects of cyber attacks, which once again highlights the need to put in place the right countermeasures.

Spending on cyber security must be considered an investment by private businesses and organizations, which in many cases suffer a cost of cybercrime that they are not able to quantify.

Unfortunately, companies are still too vulnerable to cybercrime. They are often unaware of the total amount of its economic impact, creating the right conditions for the sustained growth of this new form of crime.

The lesson is: “invest in cyber security today to try to reduce cybercrime cost tomorrow.”

Pierluigi Paganini


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. Author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
