Cyber crime costs typical U.S. company $15 million per year
A recent study by the Ponemon Institute, sponsored by HP Enterprise Security, found that the mean annualized cost of cyber crime for organizations in the United States is US$15 million per year, with a range from US$1.9 million to US$65 million each year per company.
The report found that cyber attacks against U.S. companies continue to grow in frequency and severity. Recent notable cyber attacks include malicious attacks on Anthem Blue Cross and Blue Shield, United Airlines, Sabre Corp. and American Airlines. In the public sector, the Office of Personnel Management sustained an attack that resulted in the theft of information about more than 4.2 million current and former federal employees, and attacks against the Internal Revenue Service (IRS) resulted in the theft of personal data about more than 100,000 taxpayers.
The study found that the average annualized cost of cyber crime appears to vary by industry segment: organizations in financial services, energy and utilities, and defense and aerospace experience a higher cost of cyber crime. Organizations in the consumer products and hospitality industries on average experience a much lower cost of cyber crime.
The report also found that the most costly cyber crimes are those caused by denial of service, malicious insiders and malicious code. These causes account for more than 50 percent of all incidents per organization on an annual basis. Mitigation of such attacks requires enabling technologies such as security information and event management (SIEM), intrusion prevention systems, application security testing solutions and enterprise governance, risk, and compliance (GRC) solutions.
Biometrics can serve as a user authentication tool to mitigate cyber security attacks or intrusions. Biometric data, however, should be treated as private information and should be part of risk assessments and compliance strategies. This week, BiometricUpdate.com reported on an ABI Research report that found that biometric systems themselves can also contain cybersecurity vulnerabilities.
ABI Research detailed the many potential security flaws of biometric systems, including untrustworthy user interfaces and malware for the consumer segment, compromised USB peripherals, and encryption. ABI Research states that some of the main concerns for biometric system integrators for the future will include integrating data security protocols, monitoring for incoming threats and establishing physical and logical integrity.
The Ponemon Institute study notes that detection of and recovery from cyber crime attacks and intrusions are the most costly security activities, accounting for 55 percent of total activity cost on an annual basis, with cash outlays and direct labor representing the majority of these costs. Further, cyber attacks can become extremely costly if not resolved quickly. The average time to resolve a cyber attack was 46 days, with an average cost to organizations of US$1.9 million. This represents a 22 percent increase from last year’s estimated average cost of US$1.6 million. Results show that malicious insider attacks can take an average of approximately 63 days to contain.
The good news, however, is that the deployment of security intelligence systems makes a difference. The study found that companies using security intelligence technologies were more efficient in detecting and containing cyber attacks, achieving average savings of US$3.7 million compared to companies not deploying such systems.
Ponemon Institute researchers collected in-depth qualitative data through interviews conducted over a 10-month period. The institute interviewed over 550 IT, compliance and information security practitioners who are knowledgeable about the cyber crime experienced by the organization and the costs associated with resolving cyber attacks.