HP: Cost of Cyber Crime Escalates

By Chris Tribbey

The average cost of cyber crime for American organizations is up nearly 100% year over year to $12.7 million, according to a recent study by HP Enterprise Security and the Ponemon Institute.

The findings of HP’s annual “Cost of Cyber Crime” study also found that the time it takes to resolve a cyber attack has grown by 33% since 2013, with the average cost incurred to resolve a single attack costing than $1.6 million.

“Adversaries only need to be successful once to gain access to your data, while their targets must be successful every time to stop the barrage of attacks their organizations face each day,” said Art Gilliland, SVP and GM of enterprise security products for HP. “No amount of investment can completely protect organizations from highly sophisticated cyber attacks, but improving and prioritizing your organization’s ability to disrupt the adversary with actionable intelligence solutions such as SIEM [security information and event management], can significantly improve attack containment and reduce the overall financial impact.”

The report looked at recent cyber crimes in the U.S. — covering the theft of millions of payment cards, Internet credentials, intellectual property and online bank accounts — and found that companies employing advanced security intelligence tools, including SIEM, intrusion prevention systems (IPS) with reputation feeds, network intelligence systems and big data analytics, were better able to detect and contain cyber attacks.

Organizations experienced a 176% increase in the number of cyber attacks in 2013, according to the report, with an average of 138 successful attacks per week, compared to 50 attacks per week in 2010. The average times it takes to detect a malicious or criminal attack was 170 days.

Of the 17 industries included in the study, all reported to have been impacted by cyber crime. Information theft represents the highest external cost, followed by costs associated with business disruption.

“Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Based on more than 2,000 interviews, the annual ‘Cost of Cyber Crime’ research continues to provide valuable insights into the rising cost of cyber attacks to help organizations across all industries understand the serious financial impact that can result if measures are not taken to put solutions, process and expertise in place to minimize risk.”