The average cost of cyber attacks is up 56% on last year's figures, according to the second annual Cost of Cyber Crime Study by the Ponemon Institute.
The survey found that the average cost of cyber crime incurred by a benchmark sample of organisations was $5.9m a year, ranging from $1.5m to $36.5m a year.
Recovery and detection are the most costly internal activities, the study found, highlighting a significant cost-reduction opportunity for organisations that are able to automate detection and recovery through enabling security technologies.
The study found that cyber attacks have become common, with surveyed organisations experiencing 72 successful attacks in a four-week period, an increase of nearly 45% from 2010.
More than 90% of all cyber crime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.
Key findings of the study include that cyber attacks can be costly if not resolved quickly and that deploying advanced security intelligence and risk management systems can mitigate the impact of attacks.
Ponemon researchers found the average time to resolve a cyber attack is 18 days, with an average cost of nearly $416,000. This represents a nearly 70% increase from the estimated cost of $250,000 over a 14-day resolution period in last year's study. Results also showed that malicious insider attacks can take more than 45 days to contain.
Organisations that had deployed security information and event management (SIEM) systems achieved cost savings of nearly 25%, resulting from the ability to detect and contain cyber crimes quickly. As a result, these organisations experienced a substantially lower cost of recovery, detection and containment.
"As the sophistication and frequency of cyber attacks increases, so too will the economic consequences," said Larry Ponemon, chairman and founder, Ponemon Institute. "Figuring out how much to invest in security starts with understanding the real cost of cyber crime."