Cost of Cyberattacks Continues to Rise: Research

The cost of cybercrime in the U.S. has jumped significantly this year, according to new research from Hewlett-Packard and the Ponemon Institute.

According to the study, which covered attacks at dozens of organizations that occurred between January and August, the average annualized cost of cybercrime for U.S. organizations stands at $11.56 million – a 78 percent increase since the first study was done four years ago.

Compared to 2012, the total number of successful attacks per week across the organizations examined has jumped up to 122 per week from 102 last year. In addition, the average annualized cost of cybercrime for each organization has gone up 26 percent. The most costly cybercrimes are caused by denial-of-service, malicious-insider and web-based attacks, which together account for more than 55 percent of all cybercrime costs per organization on an annual basis, according to the study.

Information theft represented the highest external cost (43 percent), with business disruption coming in second (36 percent). When it comes to internal cost, recovery and detection come with the heaviest price tag. For the past year, recovery and detection combined accounted for 49 percent of the total internal activity cost, with cash outlays and labor representing the majority of these costs, researchers found. The average time for resolving a cyberattack in the study this year was 32 days.

Though cybercrime cost varied by company size, smaller organizations faced a higher per capita cost than larger organizations. In addition, organizations in financial services, defense, and energy and utilities experience substantially higher cybercrime costs than those in retail, hospitality and consumer products.

“Deployment of security intelligence systems makes a difference,” according to the report. “The cost of cyber crime is moderated by the use of security intelligence systems (including SIEM). Findings suggest companies using security intelligence technologies were more efficient in detecting and containing cyber attacks. As a result, these companies enjoyed an average cost savings of nearly $4 million when compared to companies not deploying security intelligence technologies.”

In addition to the findings by Ponemon and HP, Symantec released its 2013 Norton Report Oct. 1, which showed that while the number of online adults victimized by cybercrime has decreased, the average cost per victim has gone up by 50 percent.

The study fielded responses from more than 13,000 people from 24 countries. According to the survey, the price of consumer cybercrime per victim in the U.S. is $298. The highest numbers of victims were located in Russia.

“Today’s cybercriminals are using more sophisticated attacks, such as ransomware and spear-phishing, which yield them more money per attack than ever before,” said Stephen Trilling, Chief Technology Officer at Symantec, in a statement.

*This story was updated with more information about the Symantec study.