Cyber crimes costs UK businesses average of £3m per year

Cyber crime costs UK organisations around £3m a year on average a study has revealed

Cyber crime costs UK organisations around £3m a year on average, the second annual Cost of Cyber Crime Study has revealed.

That is an increase of 42% since the 2012 study conducted by the Ponemon Institute and sponsored by HP Enterprise Security.

Of a sample of six countries in the global study, the UK was above only Australia with an annual average cost of £2.27m.

The US (£7.18m) was top of the list, followed by Germany (£4.7m), Japan (£4.18m) and France (£3.22m).

The study found that a sample of 36 large UK organisations in various industry sectors, including a majority of multinational corporations, fell victim to 1.3 successful attacks per company per week.

This represents an increase of 16% in attacks that infiltrate a company’s core networks or enterprise systems each week, compared with 2012.

Based on actual cyber crime incidents, the study showed the most costly cyber crimes are those caused by malicious insiders, denial of service attacks and web-based attacks.

The study shows that the average annual cost of cyber crime varies by industry segment, with financial services, defence, and energy and utilities experiencing substantially higher cyber crime costs than organisations in retail, hospitality and consumer products.

According to the Ponemon Institute, a better understanding of the cost of cyber crime will assist organisations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

The report said organisations achieve an average 14% return on investments in security incident event management (Siem), intrusion prevention systems (IPS), application security testing, and enterprise governance, risk management and compliance (GRC) systems.

Companies deploying security intelligence systems experience a substantially higher return on investment at 23%.

The study found that US companies are much more likely to experience the most expensive types of cyber attacks, which are malicious code, denial of service and web-based incidents.

Australia is most likely to experience denial of service attacks. In contrast, German companies are least likely to experience malicious code and botnets. Japanese companies are least likely to have devices stolen or experience malicious code attacks.

US, Japanese and German companies report the theft of information assets as the most significant consequence of a cyber attack, while UK, France and Australia cite business rate disruption as more important.

The cost of detecting and recovering from a cyber attack is the greatest for US, French, Japanese and German companies. However, the cost of recovery from a cyber incident is also expensive for companies in the UK and Australia.

The study found that cyber attacks can become costly if not resolved quickly and a strong security posture moderates the cost of cyber attacks. It also found that enterprise security governance practices moderates the cost of cyber crime.

Read more on Hackers and cybercrime prevention