Pierluigi Paganini October 11, 2013

HP sponsored a study of Ponemon Institute that reveals Cost of Cybercrime in 2013 escalates 78 Percent while Time to Resolve Attacks More Than Doubles.

HP and the Ponemon Institute have published The 2013 Cost of Cyber Crime Study, the fourth annual report that provides an estimation of the economic impact of cybercrime.

“Information is a powerful weapon in an organization’s cybersecurity arsenal,”“Based on real-world experiences and in-depth interviews with more than 1,000 security professionals around the globe, the Cost of Cyber Crime research provides valuable insights into the causes and costs of cyberattacks. The research is designed to help organizations make the most cost-effective decisions possible in minimizing the greatest risks to their companies.” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. 

The report confirms that for the fourth consecutive year the frequency and cost of cyber attacks are increased.

The 2013 Cost of Cyber Crime Study states that the average annualized cost of cybercrime incurred by a benchmark sample of US organizations was $11.56 million, nearly 78% more than the cost estimated in the first analysis conducted 4 years ago.

The report confirmed that the sophistication of cyber attacks has grown in concerning way in the last years, attackers are adopting techniques even more complex for sabotage and cyber espionage.

The 2013 Cost of Cyber Crime Study reported that the time it takes to resolve a cyberattack has increased by nearly 130 % in four years meanwhile the average cost to resolve a single attack totalling more than $1 million.

Key findings include:

• The average annualized cost of cybercrime incurred per organization was $11.56 million, with a range of $1.3 million to $58 million. This is an increase of 26 percent, or $2.6 million, over the average cost reported in 2012.
• Organizations in defense, financial services and energy and utilities suffered the highest cybercrime costs.
• Data theft caused major costs, 43 percent of the total external costs, business disruption or lost productivity accounts for 36% of external costs. While the data theft decreased by 2% in the last year,  business disruption increased by 18%.
• Organizations experienced an average of 122 successful attacks per week, up from 102 attacks per week in 2012.
• The average time to resolve a cyberattack was 32 days, with an average cost incurred during this period of $1,035,769, or $32,469 per day—a 55 percent increase over last year’s estimated average cost of $591,780 for a 24-day period.
• Denial-of-service, web-based attacks and insiders account for more than 55% of overall annual cybercrime costs per organization.
• Smaller organizations incur a significantly higher per-capita cost than larger organizations.
• Recovery and detection are the most costly internal activities.

The adoption of defense mechanisms like security information and event management (SIEM) and big data analytics could  help to mitigate the effect of cyber attacks, reducing the cost suffered by enterprises.

“Organizations using security intelligence technologies were more efficient in detecting and containing cyberattacks, experiencing an average cost savings of nearly $4 million per year, and a 21 percent return on investment (ROI) over other technology categories.”

Pierluigi Paganini

(Security Affairs –  Ponemon 2013 Cost of Cyber Crime, cybercrime)