It’s not a surprise that cyber crime is costly for organizations. The cost of lost productivity, the fallout from compromised data, the impact on the organization’s reputation, and the cost to clean up and recover from an attack all add up.
The 2014 Ponemon Cost of Cyber Crime study, sponsored by HP, is the fifth annual report on the costs associated with cyber crime. The findings this year show that cyber crime is becoming more costly each year, and that it is taking longer for organizations to recover from cyber attacks.
The cost of cyber crime ranged from $1.6 million to $61 million—with an annualized average of $12.7 million. That is nearly 10 percent higher than the average cost in 2013.
One of the most concerning findings of the study, though, is the amount of time involved in detecting and resolving an attack. The average time it takes to detect a malicious cyber crime attack is 170 days. Some types of attack—specifically attacks involving malicious insiders with authorized access to the network—take 259 days on average to detect. The average time to clean up after an attack is discovered is 45 days. That means it is taking more than seven months on average for organizations to realize they’ve been attacked, and fully recover.
The most costly types of attacks according to the study are denial-of-service attacks, malicious code, and malicious insiders. The malicious code category is very broad, since it can cover a wide and diverse array of potential threats. Still, knowing that these are the most costly types of attack gives organizations valuable information that can be used to prioritize the allocation of security resources.
The problem is that many organizations view a report like this as interesting data, but still don’t believe it can happen to them. It is just curious IT security trivia about those poor suckers who were compromised. You don’t want to find out the hard way, though, just how much such a cyber attack will cost your organization.
It’s imperative for organizations to implement the tools and take the steps necessary to provide better protection, earlier detection, and quicker recovery from cyber crime attacks. The costs associated with proactive defense are a fraction of the cost of a compromise or data breach, and no organization has spare millions lying around to waste on resolving cyber attacks.