HP and the Ponemon Institute today unveiled a new security study that shows the cost and frequency of cybercrime has risen for the third year in a row.
The 2012 Cost of Cyber Crime Study, conducted by the Ponemon Institute and sponsored by HP, found that the average annual cost of cybercrime for U.S. organizations was $8.9 million in 2012. That amount is 6% more than the $8.4 million average costs of cybercrime in 2011, and a 38% increase over the 2010 average of $6.5 million.
The report also shows a 42% increase in the number of cyberattacks in 2012. This year, organizations experienced an average of 102 successful attacks per week, compared to 72 attacks per week in 2011 and 50 attacks per week in 2010.
"A successful attack is one that infiltrates or infects an enterprise system," said Larry Ponemon, chairman and founder of the Ponemon Institute, who spoke with WebProNews. "We're really looking at things that stick, rather than bounce off a company's firewall or other perimeter protections."
Ponemon has served on the Advisory Committee for Online Access & Security for the U.S. Federal Trade Commission and was appointed by the White House to the Data Privacy and Integrity Advisory Committee for the Department of Homeland Security.
Though the total average cost of cybercrime is on the rise, the report shows that companies incur costs differently according to their size and the industry they are associated with. Ponemon shows that while organizations they classify as small have lower annual cybercrime costs, their per capita cybercrime costs ($1,324) are much higher than larger organizations ($305). Organizations in the defense, utilities & energy, and financial services industries have higher costs associated with cybercrime than those in other industry segments, such as retail, hospitality, and consumer products.
This is the first year the report has expanded past U.S. companies, looking at businesses in the U.K., Germany, Japan, and Australia. According to Ponemon, the U.S. and Germany were much more likely to be hit with cyberattacks, and a larger percentage of their external costs due to cybercrime came from information loss. The majority of the U.K.'s and Australia's external costs came from business disruption, meaning their internal costs largely consisted of recovering from cyberattacks, while the U.S. and Germany spent more internally on detection.
Several security solutions are advised by the Ponemon report. It shows that a "strong security posture" based on the Security Effectiveness Score (SES) metric can mitigate the average cost of cyberattacks. Strong security governance practices are encouraged as well, with the report showing that organizations that invest adequately in security resources, appoint a high-level security leader, and employ experts can reduce their cybercrime costs.
The report also found that, unsurprisingly, deployment of security intelligence systems can make a difference in the costs companies incur as a result of cybercrime. It shows that organizations that deploy security intelligence technologies saved an average of $1.6 million compared to those that did not.
“The purpose of this benchmark research is to quantify the economic impact of cyberattacks and observe cost trends over time,” said Ponemon. “We believe a better understanding of the cost of cybercrime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.”
HP believes its security services are just the sort of resources companies need to safeguard their network infrastructures. The company recently updated its enterprise security solutions, focusing on proactively protecting customers rather than reacting to cyberattacks. HP will also sponsor a series of live webinars, presented by Larry Ponemon, starting later this month. The webinars will detail the findings of the Ponemon report for the individual countries in which the study was conducted.
“Organizations are spending increasing amounts of time, money and energy responding to cyberattacks at levels that will soon become unsustainable,” said Michael Callahan, vice president of Worldwide Product and Solution Marketing, and Enterprise Security Products at HP. “There is clear evidence to show that the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of these attacks.”
Varun Kohli, director of Product Marketing for Enterprise Security Products at HP told WebProNews that the Ponemon report provides conclusive data for security teams trying to sell their worth to executives, who often don't see value in comprehensive preventative security solutions. His advice to organizations is to "bake-in" security to their solutions by making the solutions "intelligent" and "protecting what matters."
"If it doesn't neet to be on the internet, don't put it on the internet," said Kohli.