If there’s one thing a company needs to stay in business it’s money. This is why there are budget plans and decisions on what investments bring back a return. Information security continues to be one of those areas businesses spend on, but not always as much as they should. In the meantime, cybercrime costs grow and this past year the cost per organization was $11.7 million.
A study by Ponemon Institute, “The Cost of Cybercrime,” showed that in 2017 the average cost was $11.7 million, which is a 23% increase from $9.5 million in 2016, and a 62% increase over the past five years for global businesses.
The way the study based its findings was by considering four areas cybercrime impacts the most. These key areas are: business disruption, data loss, revenue loss, and equipment damage. When you look at each component it’s easy to see why they would cost businesses.
If you can’t conduct operations due to your servers being offline or data being held hostage, which can happen due to breach or a catastrophic event, that is considered business disruption. When this happens, your incident response plan will determine the length of time you remain shut down. This will also determine how much revenue you lose since disruption means a halt of services on your end, not to mention the customers you could lose while you’re out of operations.
Another interesting finding in the study is that 43% of organizations experience the most damage with information loss. Obviously, if you lose the data you work with, and nowadays that data involves everything from your technology to your customers, you are forced to recuperate that information before you can resume work as usual. This is most likely why company’s find it to be the most damaging to them when cybercrime takes place.
When it comes to the most expensive type of cyberattack, malware infections came in number one at an average cost of $2.4 million per infection globally and $3.82 million in the United States alone. The second most expensive attacks are web-based ones and the average cost for these types of cyberattacks is $2 million per incident globally and $3.40 million per incident in the US.
The hardest-hit industries in 2017 are financial services and energy organizations with an average annual cost of $18.28 million and $17.20 million, respectively. Also, companies in the United States spend more to address all types of cyberattacks than any other country.
Even though cybercrime costs differ across businesses and industries the study clearly shows that they come at a high cost and when you look at the four areas that impact businesses the most, it becomes clear how a holistic cybersecurity solution is the best investment a business can make to lower cybercrime costs. The reason is that you can’t resolve business disruption with a patch or anti-virus software, even a breach detector won’t be able to come in and help you get back online as soon as possible.
When you have a complete cybersecurity posture it entails people, process and technology; this is what will cover all your bases, including equipment. If you’re not sure where you stand on preparedness for these types of cybercrime events, give us a call, we’re here to help.
Photo courtesy of Nata-Lia