The Ponemon study, based on interviews with more than 1,000 security professionals, found the annualized cost of cybercrime to companies was $11.56 million per organization with a range of $1.3 million to $58 million, an increase of 26 percent over the average cost in 2012. The study, commissioned by Hewlett-Packard, also found that the average time to resolve a security incident increased from 24 days in 2012 to 32 days, a 33 percent rise.
Ponemon used a benchmark sample of 60 U.S. organizations to arrive at the figures in the report, "2013 Cost of Cyber Crime Study: United States." A Ponemon study in June analyzing data breach costs found security incident expenses highest in the U.S. and Germany.
Data theft poses the highest external costs to organizations, followed by business disruption, according to the study. The losses prompted by disrupted business operations are adding up, the study found, increasing 18 percent from 2012. Meanwhile, data theft costs declined 2 percent.
Threat detection, disaster recovery and incident response were the most costly internal activities. Recovery and detection accounted for nearly half of the total internal activity cost, with labor taking up the majority, according to the study.
Attacks on businesses also are increasing, fueled by hacktivist denial-of-service attacks intended to disrupt the business, malicious insiders intent on stealing data and financially motivated attacks seeking credit card data, personal information and account credentials, according to the report.
"Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, applications security testing solutions and enterprise GRC solutions," according to the study. "Findings suggest companies using security intelligence technologies were more efficient in detecting and containing cyberattacks."
If deployed and monitored, security information and event management systems could save an organization $4 million when compared with companies not deploying those technologies, Ponemon said. Strong and enforceable security policies, data governance controls and a security-aware culture also rein in costs. Cost savings for companies deploying good security governance practices are estimated at $1.5 million on average, according to the study.
The study found most security spending at the network layer, with the deployment of unified threat management systems, next-generation firewalls, intrusion prevention systems and reputation feeds being key. The adoption of access governance technologies and enterprise deployment of governance, risk and compliance tools also had a significant impact on reining in costs, the study found.
A layered approach to deploying security technologies could help increase cybercriminals' cost to carry out attacks, reducing the risk that a well-protected corporate network will be targeted, say security experts. Law enforcement activity cracking down on cybercriminal gangs has only a short-term impact, said Ziv Mador, director of security research at Trustwave. Defending against attacks is a never-ending battle, Mador said.
"Even if multiple members of an organization get arrested, there is usually someone who can continue on and eventually recover the activity," Mador said. "The important thing for businesses is to develop a comprehensive security policy that would reduce risks to a minimum."
PUBLISHED OCT. 9, 2013