HP unveiled the results from its sixth annual study in partnership with the Ponemon Institute detailing the economic impact of cyber attacks across both the private and public sectors. The findings reveal a dramatic increase in the overall cost of cyber crime, while providing insight to the most costly cyber crimes and the approaches organizations can take to minimize the impact.
Conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the 2015 Cost of Cyber Crime Study quantifies the annual cost of cyber crime for companies across seven countries including the U.S., U.K., Japan, Germany, Australia, Brazil and the Russian Federation.
In the study, researchers found the average annualized cost of cyber crime incurred by a benchmark sample of Australian and Japanese organizations had increased by 13% and 14% respectively since last year. The results also revealed that it took an average of 31 days to resolve a cyber attack in Australia as compared to 26 days in Japan.
“As organizations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” said Jyoti Prakash, Country Director, India and SAARC countries, HP Enterprise Security Products (ESP). “To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritize the security strategies that can make a difference in minimizing the impact.”
As organizations strive to embrace new technologies while protecting their expanded environments, there is a need to shift security strategies from traditional network control and perimeter management to an advanced focus on protecting interactions among users, applications and data. The 2015 Cost of Cyber Crime Study demonstrates that organizations are now committing 19 percent of their security budget allocation to the application layer, up from 16 percent last year.
Key findings from the 2015 Australia and Japan Cost of Cyber Crime Studies
· Cyber crimes continue to be very costly: The average annualized cost of cyber crime incurred in Japan was $6.81 million, compared to $3.47 million in Australia.
· Cyber crime costs vary by organizational size: Results revealed a positive relationship between organizational size (as measured by enterprise seats) and annualized cost. However, based on enterprise seats, results showed that small organizations incurred a significantly higher per capita cost than larger organizations.
· Cyber crimes require more time to resolve: The average time to resolve a cyber attack was 31 days in Australia, compared to 26 days in Japan. This represents an increase of 8 days in Australia and 1 day in Japan over the last year. Results also showed that malicious insider attacks can take an average of 50 days to contain in Australia, compared to 37 days in Japan.
To be forewarned is to be forearmed
Understanding the cyber threats that pose the biggest risk and have the most economic impact to organizations can help enterprises better plan their security approach and investments.
· In both Japan and Australia, the most costly cyber crimes continued to be caused by denial of service and malicious insiders.
· In Australia, business disruption continued to represent the highest external cost, followed by the costs associated with information loss. On an annual basis, business disruption accounted for 38 percent of total external costs.
· In Japan, information theft represented the highest external cost, followed by the costs associated with business disruption. On an annual basis, information theft accounted for 48 percent of total external costs.
· Recovery and detection were the most costly internal activities in both countries. Australia reported that it accounted for 48 percent while Japan reported it accounted for 53 percent of the total annual internal activity cost. In both countries, productivity, cash outlays and direct labor represented the majority of these costs.
Organizations investing in and using security intelligence technologies and governance practices to address the crimes that proved most costly were more efficient in detecting and containing cyber attacks, thereby reducing costs otherwise incurred.
· Deploying a security information and event management (SIEM) solution led to an average cost savings was $1.9 million per year3, compared to companies not deploying similar security solutions.
· Employment of certified/expert security personnel can save $1.5 million.
· The appointment of a high-level security leader can reduce costs by $1.3 million.
“With cyber attacks growing in both frequency and severity, understanding of the financial impact can help organizations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” said Dr. Larry Ponemon), chairman and founder, Ponemon Institute (@PonemonPrivacy). “As seen in this year’s study, the return on investment for organizations deploying security intelligence systems, such as SIEM, realized an average annual cost savings of nearly $4 million – showcasing the ability to minimize impact by more efficiently detecting and containing cyber attacks.”
U.S. Leading the Globe in Cyber Crime Costs
Across all seven countries studied, the U.S. sample reported the highest total average cost of cyber crime at $15 million per company, while the Russian Federation sample reported the lowest, at $2.4 million. The Japan sample ranked third globally at $6.81 million while the Australia sample ranked second lowest out of seven countries, reporting an average cost of cyber crime at $3.47 million.
Comments
Post a Comment