Among U.S. corporations, the mean cost of cybercrime is $11.56 million, while for some it can range between $1.3 million and $58 million, according to the fourth annual Cost of Cyber Crime study conducted by the Ponemon Institute. That is up 78% from four years ago and a 26% increase from the average cost reported in 2012.
The 2013 Cost of Cyber Crime study, sponsored by HP Enterprise Security Products, found that organizations experience an average of 122 successful cyberattacks per week; that's 102 more attacks weekly than was reported in 2012. "The types of attacks experienced were: viruses, Trojans, malware, botnets, web-based attacks, denial of service, malicious code, malicious insiders, phishing and stolen devices." The most costly, listed under the "real cost of cyberattacks," were caused by denial-of-service attacks, malicious insider attacks and web-based attacks, which together account for more than 55% of all cybercrime costs annually.
The survey of 60 companies revealed that it takes an average of 32 days to resolve a cyberattack, with a price tag of $32,469 as the average cost per day. $1,035,769 is the average total cost if it takes 32 days to resolve. That's up 55% from last year, but that may be due to it taking 130% longer to resolve a cyberattack than it did a year ago.
The study takes into account both direct and indirect costs, with information theft labeled as the highest external cost and business disruption coming in at a close second. Internally, recovery and detection are responsible for 49% of the costs. Additionally, the study found that, for smaller organizations, cybercrime costs "a significantly higher per-capita cost than larger organizations."
Newsflash: "Cyber expert says hacker attacks are hard to prevent." Wow, seriously for real? In other breaking news, it's said the Pope is Catholic. Or how about this one: "Every country has an army of hackers." The point in mentioning those headlines is that if there are still companies who believe they won't be hacked, when that's a given -- just like all countries having nation-state hackers hoping to steal intellectual property -- is it really surprising to have so many different 'cost of cybercrime' studies being reported?
Variations on the 2013 cost of cybercrime are all over the place, and you can be sure most of those studies and white papers are produced by companies hoping to sell you the latest and greatest protection and services. These companies do all put a great deal of effort into coming up with the numbers, but it's nearly impossible to know for sure, and some experts suggest that cybercrime estimates are a bunch of bunk.