What Is The True Cost Of Cyber Crime?

Last year in October the Ponemon Institute published the ‘2015 Cost of Cyber Crime Study: Global‘ report.

The study was conducted using 252 organisations across 7 countries and many of the findings were compared to the results gathered in 2014.

Here’s a summary of the main findings of the 2015 study:

• Cybercrime continues to be on the rise in all countries studied. No surprises there!
• No industry is immune to cybercrime. Financial services, utilities, and energy are most at risk while healthcare, automotive and agriculture were discovered to be least.
• The most costly incidents of cybercrime are incurred by malicious insiders, Denial of Service attacks and web-based attacks.
• There is a positive correlation between the size of an organization and annualised cybercrime cost. It was also determined that ‘small organizations incur a significantly higher per capita cost than larger organizations ($1,388 versus $431)’.
• The quicker an attack can be resolved, the less it costs. The report quotes: ‘the mean number of days to resolve cyber attacks is 46 with an average cost of $21,155 per day – or a total cost of $973,130 over the 46-day remediation period.’.
• The highest external cost is attributed to disruption in business, with the next being the actual cost of data loss. (More on this here: What is the real cost of lost data.)
• The deployment of security intelligence systems does make a difference. The report’s findings suggest companies utilizing security intelligence systems enjoyed an average cost savings of $1.9M when compared to those who did not.
• Companies deploying security intelligence systems experienced a higher ROI (23%) than all other technology categories i.e. encryption, advanced perimeter controls etc.
• Companies that employ expert security staff can reduce cyber crime costs by an average of $1.5M. Those that appoint a high-level security leader can reduce costs by an average of $1.3M!

So there you have it – don’t ignore cybercrime and think it won’t affect your company, because it will. It is just a matter of time. Get ahead of the cybercrime game by deploying security intelligence systems and hiring a CSO or other security expert to put mandatory cyber security training in place for all employees, and to ensure your own systems are locked down tight. If your organization becomes the victim of a cybercrime attack, remember to act fast to minimize the damage.