Security Experts:

Connect with us

Hi, what are you looking for?



Cost of Cyberattacks Continues to Rise: Research

The cost of cybercrime in the U.S. has jumped significantly this year, according to new research from Hewlett-Packard and the Ponemon Institute.

The cost of cybercrime in the U.S. has jumped significantly this year, according to new research from Hewlett-Packard and the Ponemon Institute.

According to the study, which covered attacks at dozens of organizations that occurred between January and August, the average annualized cost of cybercrime for U.S. organizations stands at $11.56 million – a 78 percent increase since the first study was done four years ago.

Compared to 2012, the total number of successful attacks per week across the organizations examined has jumped up to 122 per week from 102 last year. In addition, the average annualized cost of cybercrime for each organization has gone up 26 percent. The most costly cybercrimes are caused by denial-of-service, malicious-insider and web-based attacks, which together account for more than 55 percent of all cybercrime costs per organization on an annual basis, according to the study.

Information theft represented the highest external cost (43 percent), with business disruption coming in second (36 percent). When it comes to internal cost, recovery and detection come with the heaviest price tag. For the past year, recovery and detection combined accounted for 49 percent of the total internal activity cost, with cash outlays and labor representing the majority of these costs, researchers found. The average time for resolving a cyberattack in the study this year was 32 days.

Though cybercrime cost varied by company size, smaller organizations faced a higher per capita cost than larger organizations. In addition, organizations in financial services, defense, and energy and utilities experience substantially higher cybercrime costs than those in retail, hospitality and consumer products.

“Deployment of security intelligence systems makes a difference,” according to the report. “The cost of cyber crime is moderated by the use of security intelligence systems (including SIEM). Findings suggest companies using security intelligence technologies were more efficient in detecting and containing cyber attacks. As a result, these companies enjoyed an average cost savings of nearly $4 million when compared to companies not deploying security intelligence technologies.”

In addition to the findings by Ponemon and HP, Symantec released its 2013 Norton Report Oct. 1, which showed that while the number of online adults victimized by cybercrime has decreased, the average cost per victim has gone up by 50 percent.

The study fielded responses from more than 13,000 people from 24 countries. According to the survey, the price of consumer cybercrime per victim in the U.S. is $298. The highest numbers of victims were located in Russia.

“Today’s cybercriminals are using more sophisticated attacks, such as ransomware and spear-phishing, which yield them more money per attack than ever before,” said Stephen Trilling, Chief Technology Officer at Symantec, in a statement.

*This story was updated with more information about the Symantec study.

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...