Cybercrime costs companies $8.9mn in 2012: Report

Dealing with cybercrime is proving to be an expensive affair for companies. The extent of this has been revealed by a study put forth by the Poneman Institute. eWeek reports that according to the study, average firms currently end up paying about $8.9 million to detect, respond to, and recover from cyber attacks. The average annual cost of cybercrime in 2012 is $8.9 million, which is up by 6 percent from last year. Elaborating on this, the report attributes the rising costs to denial-of-service (DoS), malicious insiders and attacks on websites. 

According to the study, companies were hit by a large number of incidents each week, i.e., 1.8 successful attacks on an average, each week. In fact, it was found that every firm surveyed had been impacted by an attack from a virus, worm or trojan, while 97 percent had to deal with other forms of malware. 71 percent came across a computer that had its security compromised to become part of a botnet. Loss of information and business disruption accounted for the greatest damage that companies suffered.

More from News & Analysis

What is the US HIRE Bill and why is India’s $250-billion IT sector worried? Is the internet dead? What's this theory that OpenAI's Sam Altman says might be true?

Dealing with cybercrime: An expensive affair (Image Credit: Getty Images)

According to the report, Larry Ponemon, chairman and founder of the Ponemon Institute found that attacks have gone on to become not only harder to detect but also harder to clean up. “Stealth is definitely a factor, but they are also more complex,” said Ponemon. “You think everything is cleaned up and then you find out the very next day that there is something still in your system.”

The HP-sponsored study found that companies that focused on security intelligence, i.e., working towards detecting attacks early managed to reduce the costs incurred because of cybercrime the greatest – nearly $1.7 million on average. This segment of the study also took into account technologies like security information and event management (SIEM) and intrusion prevention systems. “Companies with access governance tools and systems required by compliance saved $1.6 million and $1.5  million, respectively. The savings were not additive, said Ponemon,” it has been further known.

Despite all the optimism, the study found that there is no way to achieve zero damage score.

The first of its kind from the Ponemon Institute, the study surveyed firms in Australia, Germany, Japan, and the United Kingdom. “If you if you do all the right things, you are not going to be in a failsafe position,” said Ponemon.

Going further, the study reveals that in the past, detecting attacks and recovering from attacks were the most expensive internal activities for companies against cyber attacks. The early response to cyber attacks is the most crucial factor in cost. Here it added that now an average cyber attack takes 24 days to resolve in 2012, as compared to 18 days last year.

The study indicates that costs varied on the company’s nationality. US-based firms were worst affected by cybercrime at $8.9 million worth of annual damages, while Germany-based companies came second at $6 million and UK firms third at $5.2 million. The study highlights the differences in those aspects of cybercrime for which costs figured drastically. It found that German companies paid the most for detecting cyber attacks, while those in UK and Australia paid the most for recovery.

“We are extremely inefficient at fighting cybercrime; or to put it another way, cyber-crooks are like terrorists or metal thieves in that their activities impose disproportionate costs on society,” the study concludes.