• United States



Most costly cybercrime attacks: Denial-of-service, malicious insider and web-based

Oct 09, 20134 mins
CybercrimeData and Information SecurityHacking

The Ponemon Institute's 2013 Cost of Cyber Crime Study found that organizations suffer from 122 successful cyberattacks per week.

Among U.S. corporations, $11.56 million is the mean average cost of cybercrime, while for some it can range between $1.3 million and $58 million, according to the fourth annual Cost of Cyber Crime study conducted by the Ponemon Institute. That is up 78% from four years ago and a 26% increase from the average cost reported in 2012.

The 2013 Cost of Cyber Crime study, sponsored by HP Enterprise Security Products, found that organizations experience an average of 122 successful cyberattacks per week; that’s 102 more attacks weekly than was reported in 2012. “The types of attacks experienced were: viruses, Trojans, malware, botnets, web-based attacks, denial of service, malicious code, malicious insiders, phishing and stolen devices.” The most costly, listed under the “real cost of cyberattacks,” were caused by denial-of-service attacks, malicious insider attacks and web-based attacks, which together account for more than 55% of all cybercrime costs annually.

The survey of 60 companies revealed that it takes an average of 32 days to resolve a cyberattack, with a price tag of $32,469 as the average cost per day. $1,035,769 is the average total cost if it takes 32 days to resolve. That’s up 55% from last year, but that may be due to it taking 130% longer to resolve a cyberattack than it did a year ago.

The study takes into account both direct and indirect costs, with information theft labeled as the highest external cost and business disruption coming in at a close second. Internally, recovery and detection are responsible for 49% of the costs. Additionally, the study found that, for smaller organizations, cybercrime costs “a significantly higher per-capita cost than larger organizations.”

Newsflash: “Cyber expert says hacker attacks are hard to prevent.” Wow, seriously for real? In other breaking news, it’s said the Pope is Catholic. Or how about this one: “Every country has an army of hackers.” The point in mentioning those headlines is that if there are still companies who believe they won’t be hacked, when that’s a given — just like all countries having nation-state hackers hoping to steal intellectual property, is it really surprising to have so many different ‘cost of cybercrime’ studies being reported?

Variations on the 2013 cost of cybercrime are all over the place, and you can be sure most of those studies and white papers are produced by companies hoping to sell you the latest and greatest protection and services. These companies do all put a great deal of effort into coming up with the numbers, but it’s nearly impossible to know for sure, and some experts suggest that cybercrime estimates are a bunch of bunk.

Symantec’s 2013 Norton Report took a different route, coming up with a $113 billion as the global price tag of consumer cybercrime. For the U.S., $38 billion was the price tag of consumer cybercrime, with $298 as the average cost per victim in the U.S.

When McAfee collaborated with the Center for Strategic and International Studies, the resulting white paper [pdf] for 2013 came up with a rough guess of up to $100 billion annually for the U.S, which was approximately equal to 500,000 jobs. “Data is incomplete but global estimates vary from $300 billion to $1 trillion.”

That $1 trillion price tag was repeated by NSA Chief Gen Keith Alexander in 2012. Yes, that is the same Alexander who recently admitted he lied to a Congressional committee about phone surveillance stopping 54 terror plots. “Alexander admitted that only 13 of the 54 cases were connected to the United States. He also told the committee that only one or two suspected plots were identified as a result of bulk phone record collection.”

Like this? Here’s more posts:

  • Wickr: Free texting app has military-grade encryption, messages self-destruct
  • IE zero-day attacks to ramp up: Metasploit releases module
  • Ctrl+Alt+Del ‘was a mistake’ admits Bill Gates, who said ‘no’ about returning as CEO
  • Report: NSA tracks and maps American citizens’ social connections
  • Researchers develop attack framework for cracking Windows 8 picture passwords
  • Extreme tech for covert audio surveillance
  • Have you protected your privacy by opting out of cross-device ad tracking?
  • Microsoft finally patches gaping IE exploit with Patch Tuesday update
  • Not even Microsofties trust Microsoft’s approach to privacy
  • Microsoft Research: Secret tags in 3D-printed objects, hooked to the Internet of Things
  • Gmail is the preferred email service of terrorists, claims former NSA chief
  • Are Bing it on challenge claims a bunch of bunk?

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.