Getting a handle on how much cybercrime costs is no easy task. Despite the difficulty Larry Ponemon, chairman and founder of the Ponemon Institute, has devoted himself to the job for several years and is doing it again, this year with the new HP-sponsored 2012 Cost of Cyber Crime report.

Ponemon's study examined some 56 companies across industry verticals to get a picture of the impact and costs of cybercrime. It found the average annualized cost of cyber crime was $8.9 million, a 6 percent increase over the figure reported for 2011.

More Attacks, and Stealthier

Companies across the survey base experienced 102 successful attacks a week, on average, a dramatic rise from the 72 attacks per week companies experienced in 2011.


"It seems like the frequency of attacks across all categories is increasing," Ponemon told eSecurity Planet. "There is also some evidence that shows that attacks have become stealthier and more sophisticated."

Stealthier attacks have led to longer remediation times. The study found it now takes 24 days to completely contain a cyber attack, on average, up from 18 days in 2011.

Types of attacks experienced in 2012 include both theft of information attacks and business disruption. In Ponemon's view, the 2012 Cost of Cyber Crime data shows that data theft is more costly to companies than business disruption attacks. Data theft costs accounted for 44 percent of external costs related to cyber crime in 2012, up by 4 percent from 2011.

Data Breach Costs

While the HP-sponsored 2012 Cost of Cyber Crime study found that data theft and cyber crime costs are on the rise, a study released earlier this year from Ponemon seems to point to a different conclusion. The 2011 Cost of Data Breach study, sponsored by Symantec, conducted by Ponemon and released in March of this year, put the cost of data breaches in 2011 at $5.4 million, a 24 percent decline on a year-over-year basis.

The two studies used different methodologies, Ponemon explained. The cost of data breach model for the Symantec-sponsored study included a component about notifications, an element that fell significantly in 2011.

"Could a data breach be one of the costs in our cyber crime model? The answer is yes, but we're not measuring the same cost components here. These are different things," Ponemon said. "It's like comparing apples to watermelons."

The cost of cyber crime model looks at attacks on systems and infrastructure, as well as the theft of business information, Ponemon added.

Moving forward, though costs related to cyber crime have gone up, Ponemon expects the trend to level off in the coming years.

"I think there have been lots of improvements in technology and a lot of the technologies that have been around for awhile are getting better," Ponemon said. "I think it's a cyber war that is winnable."

Sean Michael Kerner is a senior editor at eSecurity Planet InternetNews.com, the news service of the IT Business Edge Network. Follow him on Twitter @TechJournalist.