Ponemon Institute’s 2014 Global Report on the Cost of Cyber Crime shows some very concerning information for business executives. Not only has cybercrime cost increased, but so has the time required to resolve a cyber attack (it has increased by one-third from 2013).
Additional findings from the report show that the average annualized cost of cybercrime for US organizations is $12.7 million, representing a 96% increase since the study was initiated five years ago. Furthermore, the average cost to resolve a single attack is now more than $1.6 million, which is an increase of 9% or $1.1 million over the average cost reported in 2013. Even worse, the range for that cost can be as high as $61 million.
The fact that both cybercrime cost and the time to resolve a single attack have increased indicates once more how important it is for businesses to take security seriously. If cost and time have increased, it also means companies are still approaching security with a ‘silver bullet’ or compliance-based approach. It is fundamental that CEOs, CIOs, and the C-Suite realize that you can’t have strong security without a holistic approach.
According to the report, cybercrimes caused by denial of services, malicious insiders and malicious code account for more than 55% of all cybercrime costs per organization on an annual basis. They are also the most costly types of cybercrime. The specific data on the time it takes to detect and resolve a cyber attack shows that it now takes 170 days (a 33% increase during the last five years). The longest average time, 259 days, is for incidents concerning malicious insiders; from the time of detection to the time of resolution it takes about 45 days.
To address these risks, businesses must implement proactive security measures. Continuous monitoring, physical security, network assessments and an effective plan to protect your organization from insider threats are all part of a risk management process that will work; technology or compliance alone can’t secure you from ever-changing threats.
Another important takeaway for executives from the Ponemon Institute report is the realization that one of the highest external costs for your organization is business disruption and lost productivity (accounting for 38% of external costs, which is up 7% from the five-year average). Business continuity plans, and pandemic plans for situations such as what is taking place with Ebola in the US right now, should be included in your risk management.
The sooner business executives and IT leadership realize that part of the business process and its success entails a top-notch security posture, the sooner cybercrime costs and risks will decrease. Also, don’t forget that when a cyber attack takes place, your organization faces not only hefty costs but also negative repercussions such as loss of trust.
What findings surprised you the most from this year’s Global Report on the Cost of Cyber Crime?