A detailed study regarding the impact of cybercrime on corporations was recently released by the Ponemon Institute. According to the Second Annual Cost of Cyber Crime Study, the median annualized cost of cybercrime incurred by a benchmark sampling of organizations was $5.9 million per year, with a range of $1.5 million to $36.5 million each year per organization. This was an increase of 56 percent from the median cost reported in the inaugural study.
According to this Ponemon deep dive of organizations who have sustained incidents of cybercrime, more than 90 percent of all cybercrime costs were caused by malicious code, stolen devices and web-based attacks. During a four week period, the organizations surveyed by the Ponemon Institute experienced 72 successful attacks per week, an increase of nearly 45 percent from last year. Interestingly, according to a recent study by Webroot Research, cybercrime on social networks also continues to increase — with the number of US-based users who have experienced attacks on social networks growing from 8% in 2009 to 13% in 2010 to 18% in 2011.
Smaller-sized organizations were found by Ponemon to incur a significantly higher per capita cost than larger-sized organizations ($1,088 versus $284). This may be given that smaller organizations do not readily negotiate much off of vendor rack rates — another reason to evaluate network security and privacy insurance as well as working with a law firm that has significant experience in dealing with breaches.
According to this Ponemon survey, the average time to resolve a cyber attack is 18 days, with an average cost to participating organizations of $415,748 over this 18 day period. Interestingly, this represents a 67 percent increase from last year’s estimated average cost of $247,744, which took place over a 14 day period. Results of the study show that malicious insider attacks can take more than 45 days on average to contain.
On September 14, 2011, New York Metro InfraGard and Coalfire are co-sponsoring a New York City event that will feature Dr. Larry Ponemon speaking on the Ponemon Institute’s Cost of Cybercrime Study. For details on this event, visit the Infragard site or registration site.