Cost of Cyber Attacks Jumps for US Firms: Study

WASHINGTON – Cybercrime costs are escalating for US companies and attacks are becoming more complicated to resolve, a study showed Wednesday.

A survey of 59 US firms by the Ponemon Institute with Hewlett-Packard found the average annual cost of responding to cyber attacks was $12.7 million, up 96 percent over the previous five years.

The organizations saw a 176 percent increase in the number of cyber attacks, with an average of 138 successful attacks per week, compared to 50 attacks per week when the study was initially conducted in 2010.

The average time to detect an attack was 170 days, and it took on average 45 days to resolve a cyber incident, costing an average of $1.6 million, according to the researchers.

The costs of cyber attacks include detection and data recovery, as well as loss of information and disruption to business, the report said.

The report comes following news of high-profile data breaches affecting millions of customers at retailers such as Target and Kmart, and banks including JPMorgan Chase.

“Adversaries only need to be successful once to gain access to your data, while their targets must be successful every time to stop the barrage of attacks their organizations face each day,” said HP enterprise security vice president Art Gilliland.

“No amount of investment can completely protect organizations from highly sophisticated cyber attacks, but improving and prioritizing your organization’s ability to disrupt the adversary… can significantly improve attack containment and reduce the overall financial impact.”

Ponemon, an independent research firm which studies cybersecurity, surveyed 59 major US companies and organizations in fields including finance, education, defense, consumer products and health care.