cybercrime costs rise

Cybercrime costs rise

The cost of dealing with cybercrime went up 56 percent this year. Organizations have paid anywhere from $1.5 million to $36.5 million a year for protection and recovery, according to a study.


The “Second Annual Cost of Cyber Crime, conducted by the Ponemon Institute and funded by Hewlett-Packard, revealed that the median annualized cost of cybercrime is $5.9 million a year, which is 56 percent higher than the year before.

During a four-week period, organizations surveyed were hit with 72 successful cyberattacks a week, up 45 percent from the year before. Most of the attacks were in the form of distributed denial of service (DDoS), malicious code, stolen services, and Web-based attacks.

On average, each attack took 18 days and $416,000 to fix, which was 70 percent higher than last year, when it took an average of 14 days and $250,000 to recover.

“As the sophistication and frequency of cyberattacks increases, so too will the economic consequences,” Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said in a statement. “Figuring out how much to invest in security starts with understanding the real cost of cybercrime.”

Cybercrime incurs costs for detection, protection, containment, and recovery. Companies also have to shell out extra for consumer compensation.

Ponemon’s study was based on a survey of 50 organizations with 700 to 139,000 employees.

Cybercriminals have been incredibly busy this year. On Tuesday, a report from McAfee disclosed a massive hack called “Operation Shady RAT” that penetrated multiple U.S. government agencies, the United Nations, foreign governments, and many technology companies and defense contractors since 2006.

Earlier this year, Sony suffered one of the most public and widespread attacks, which took down its PlayStation Network and has been projected to cost the company $170 million. Hacker coalitions Anonymous and LulzSec have also provided some headaches for IT departments at the FBI, the Italian government, PayPal, and many more.

In May, the White House unveiled a cyber-security proposal that it hopes Congress will use as a framework for legislation. Among other things, the plan includes national data breach reporting, increased penalties for computer crimes, rules that would allow the private sector to commiserate with the Department of Homeland Security on cyber-security issues, and cyber-security audits for critical infrastructure providers.

Today’s results are alarming, but in June, Microsoft published a white paper covering the incredible bias involved in cybercrime estimates, suggesting that companies lie about cyber attacks as much as men lie about their number of sex partners.

Photo credit:  KnowBe4

Via PC Mag