Cyber crime costs UK organisations £2.1m a year

Ponemon Institute's 2012 Cost of Cyber Crime Study estimates cyber crime costs UK organisations an average of £2.1m a year each

Cyber crime costs UK organisations an average of £2.1m a year each, according to the 2012 Cost of Cyber Crime study by the Ponemon Institute.

The cost of attacks on UK organisations range between £400,000 and  £7.7m, the study revealed.

The report showed cyber attacks had become common, The group of UK organisations polled experienced 41 successful attacks a week or 1.1 each every week.

While all UK industries fall victim to cyber crime, organisations in the defence sector, utilities and energy, and financial services experience higher costs than organisations in hospitality, retail or education. 

The most costly UK cyber crimes are those caused by malicious insiders, denial of service attacks and malicious code, the study found.

Although 2012 was the first time the study was conducted in the UK, Germany, Australia and Japan, it has been conducted for the past three years in the US.

According to US study, cyber attacks have more than doubled over a three-year period, while the financial impact has increased by nearly 40%.

The study also revealed a 42% increase in the number of cyber attacks, with US organisations experiencing an average of 102 successful attacks a week, compared with 72 attacks a week in 2011 and 50 in 2010. 

The 2012 study revealed the average annual cost of cyber crime incurred by US organisations is the highest of the countries studied, at $8.9m or £5.5m, which represents a 6% increase over the average for 2011, and a 38% increase over 2010.

Difference in cost of cyber attacks

According to Ponemon, the cost of cyber attacks varies across the countries studied because of differences in the types and frequencies of attacks experienced.

For example, the study found US companies more likely to experience the most expensive types of cyber attacks, which are malicious insiders, malicious code and web-based incidents.

Similarly, UK and Australian organisations were most likely to experience denial of service attacks; German companies were least likely to experience malicious code and denial of services; and Japanese companies were least likely to experience malicious insiders and web-based attacks. 

Another key finding that may explain cost differences between countries concerns the theft of information assets. For example, US and German companies report this as the most significant consequence of a cyber attack, while the UK and Australia attach more importance to business disruption.

The study also found a difference in the cost of internal activities. For example, the cost of detecting a cyber attack is the most expensive for German companies, while the cost of recovery from a cyber incident appears to be more expensive for companies in the UK and Australia. Japanese companies cited higher costs to investigate and manage the incident than other countries.                                               

“The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time,” said Larry Ponemon, chairman and founder of the Ponemon Institute.

“We believe a better understanding of the cost of cyber crime will assist organisations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack,” Ponemon said.

According to HP, which sponsored the study, there is clear evidence to show that the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of attacks.

At the core of the company’s security product strategy is the HP Security Intelligence platform, which uses threat research and correlation of security events and vulnerabilities to deliver security intelligence across IT operations, applications and infrastructure.

Read more on Hackers and cybercrime prevention