HP Research Reveals 56 Percent Rise in Cost of Cybercrime
Monday August 08, 2011 , 3 min Read
National, Date 08, 2011 – HP today unveiled new research indicating that cyberattacks increasingly plague businesses and government organizations, resulting in significant financial impact, despite widespread awareness.(1)Conducted by the Ponemon Institute, the Second Annual Cost of Cyber Crime Study revealed that the median annualized cost of cybercrime incurred by a benchmark sample of organizations was $5.9 million per year, with a range of $1.5 million to $36.5 million each year per organization. This represents an increase of 56 percent from the median cost reported in the inaugural study published in July 2010.
The study found that recovery and detection are the most costly internal activities, highlighting a significant cost-reduction opportunity for organizations that are able to automate detection and recovery through enabling security technologies.
“Instances of cybercrime have continued to increase in both frequency and sophistication, with the potential impact to an organization’s financial health becoming more substantial,” said Loke Yeow Wong, Regional Evangelist and Director, Enterprise Security, HP. “Organizations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cybercrime.”
Cyberattacks have become common occurrences. Over a four-week period, the organizations surveyed experienced 72 successful attacks per week, an increase of nearly 45 percent from last year. More than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.
The Second Annual Cost of Cyber Crime Study provides insight into the level of investment and resources needed to prevent or mitigate the consequences of a cyberattack. Key findings include:
Cyberattacks can be costly if not resolved quickly. The average time to resolve a cyberattack is 18 days, with an average cost to participating organizations of nearly $416,000. This represents a nearly 70 percent increase from the estimated cost of $250,000 over a 14-day resolution period in last year’s study. Results also showed that malicious insider attacks can take more than 45 days to contain.
Deploying advanced security intelligence and risk management solutions can mitigate the impact of cyberattacks. Organizations that had deployed security information and event management (SIEM) solutions realized a cost savings of nearly 25 percent, resulting from the enhanced ability to quickly detect and contain cybercrimes. As a result, these organizations experienced a substantially lower cost of recovery, detection and containment than organizations that had not deployed SIEM solutions.
“As the sophistication and frequency of cyberattacks increases, so too will the economic consequences,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Figuring out how much to invest in security starts with understanding the real cost of cybercrime.”
HP enables risk management through the Security Intelligence and Risk Management Framework, which helps businesses and governments in their pursuit of an Instant-On Enterprise. In a world of continuous connectivity, the Instant-On Enterprise embeds technology in everything it does to serve customers, employees, partners, and citizens with whatever they need, instantly.
About HP
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure at the convergence of the cloud and connectivity, creating seamless, secure, context-aware experiences for a connected world. More information about HP (NYSE: HPQ) is available at http://www.hp.com.
(1) “The Second Annual Cost of Cyber Crime Study, “Ponemon Institute, July 2011. The study reflects interviews with a representative sample of data protection and IT security practitioners from 50 benchmark corporations across various industry sectors.