Cyber Crime Costs on the Rise: Study

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Cyber attacks continue to plague organizations of every size, costing companies and consumers millions of dollars and months, if not years, of headaches.

The latest study by security researchers at the Ponemon Institute and ArcSight (NASDAQ: ARST), a provider of threat and risk management applications, found that virtually every organization is hit with a significant cyber attack at least once a week and, worse yet, the average cost of resolving these coordinated phishing and malware campaigns is now more burdensome than ever before.

Over a four-week period, the 45 organizations surveyed in the study reported 50 successful attacks a week, resulting in a median annualized cost of $3.8 million per organization per year. Depending on the severity and complexity of the cyber attacks, these organizations reported spending between $1 million and as much as $52 million to deal with these constant security threats.

"Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss," Larry Ponemon, founder and chairman of the Ponemon Institute, said in the report.

"Through actions, such as the appointment of a Chief Information Security Officer (CISO), the rollout of an enterprise security strategy, and investments in technologies capable of addressing sophisticated threats and managing complex security events, companies are able to reduce the financial impact of cyber crime," he added.

Investing in security information and event management (SIEM) applications and enterprise threat and risk management (ETRM) software can often be a good first step, analysts said, even though many SMBs balk at making significant financial investments in security applications until it's too late.

The study found that Web attacks, malicious code and malicious insiders are responsible for more than 90 percent of cyber attacks each year. The longer it takes to identify, isolate and resolve the attack, the more it costs. Most companies reported that malicious attacks perpetrated by disgruntled employees or other insiders were the most difficult to discover and took an average of 42 days to resolve.

That's not good, according to the Ponemon Institute, considering that companies on average will spend $18,000 a day to resolve a major security vulnerability.

The price of not paying attention is particularly acute in the U.S. where companies on average spend twice as much money or more to resolve security breaches than their counterparts in Europe and Asia.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.