As cybercrime becomes more prevalent, so does its cost to global companies, particularly those in the United States. The cost of cybercrime to the average company has risen to $15 million a year. As cybercriminals become more skilled, those costs are bound to rise.
According to a new study sponsored by Hewlett Packard Enterprise:
As shown, there is significant variation in total cyber crime costs among participating companies in the benchmark samples. The US sample reports the highest total average cost at $15 million and the Russian sample reports the lowest total average cost at $2.4 million. It is also interesting to note that Germany, Japan, Australia and Russia experienced a slight decrease in the cost of cyber crime cost over the past.
The numbers are particularly troubling because the U.S. cost has risen from $11.5 million two years ago to $15.4 million in the fiscal year just ended. At the current growth rate of 19% a year, the figure in the United States could double by around the end of the decade.
Among the most notable conclusions of the study are ones most experts already know. Cybercriminals target the financial industry most, followed by utilities and technology. At the bottom of the list of targets are agriculture and the automotive industry.
The methods of the attack are very broad, which presumably makes it harder to defend against all of them:
Virtually all organizations had attacks relating to viruses, worms and/or trojans and malware over the four-week benchmark period. Malware attacks and malicious code attacks are inextricably linked. We classified malware attacks that successfully infiltrated the organizations’ networks or enterprise systems as a malicious code attack.
For the time being, there is no reason to think these attacks will not rise and become more sophisticated. One of the most regular refrains among experts on cyber-attacks is that attackers have a large lead on defenders. The costs of defense will continue to rise.
Methodology: For consistency purposes, the benchmark sample consisted of only larger-sized organizations (i.e., a minimum of approximately 1,000 enterprise seats). The study examines the total costs organizations incur when responding to cybercrime incidents. These include the costs to detect, recover, investigate and manage the incident response. Also covered are the costs that result in after-the-fact activities and efforts to contain additional costs from business disruption and the loss of customers. These costs do not include the plethora of expenditures and investments made to sustain an organization’s security posture or compliance with standards, policies and regulations.