CIO

Cost of cybercrime surges by 62 per cent in 5 years

Malware infections are the most expensive attacks – costing $2.4 million per incident, according to Accenture and Ponemon Institute
cybercrime_cybersecurity-100034562-orig.jpg

cybercrime_cybersecurity-100034562-orig.jpg

Companies in the financial services and energy sectors are the worst hit

Costly cyber attacks continue to have a significant and growing financial impact on businesses worldwide.

According to new research by Accenture and the Ponemon Institute, in 2017 the average cost of cyber crime globally climbed to $11.7 million per organisation, a 23 percent increase from $9.5 million reported in 2016, and represents a staggering 62 percent increase in the last five years.

In comparison, companies in the United States incurred the highest total average cost at $21.22 million while Germany experienced the most significant increase in total cyber crime costs from $7.84 million to $11.15 million.

This surge follows a recent string of infamous malware attacks including WannaCry and Petya, which cost several global firms hundreds of millions of dollars in lost revenues.

The Cost of Cyber Crime study surveyed 2,182 security and IT professionals in 254 organisations in the US, United Kingdom, Australia, Germany, Japan, France and Italy.

In New Zealand, CERT says losses through cyber security issues reported to it in 2017 topped $5.3M, $3.4m of which were in Q4, a figure more than double that for Q3.

In New Zealand, it is estimated cybercrime cost the economy around $257 million and affect more than 856,000 Kiwis.

The number of cyber attacks has shown no sign of slowing down since the Ponemon Institute began the research in 2009.

The reports notes the imbalance on cybersecurity spending.

Of the nine security technologies evaluated, the highest percentage spend was on advanced perimeter controls, yet companies deploying these security solutions only realised an operational cost savings of $1 million associated with identifying and remediating cyber attacks, suggesting possible inefficiencies in the allocation of resources.

Invest in the ‘brilliant basics’ such as security intelligence and advanced access management and yet recognise the need to innovate to stay ahead of hackers.

Among the most effective categories in reducing losses from cyber crime are security intelligence systems, defined as tools that ingest intelligence from various sources that help companies identify and prioritise internal and external threats.

They delivered substantial cost savings of $2.8 million, higher than all other technology types included in this study. Automation, orchestration and machine learning technologies were only deployed by 28 percent of organisations – the lowest of the technologies surveyed – yet provided the third highest cost savings for security technologies overall at $2.2 million.

The report lists three steps organisations can take to improve their cybersecurity efforts:

  • Undertake extreme pressure testing: Organisations should not rely on compliance alone

to enhance their security profile but undertake extreme pressure testing to identify vulnerabilities more rigorously than even the most highly motivated attacker.

  • Invest in breakthrough innovation: Balance spend on new technologies, specifically

analytics and artificial intelligence, to enhance program effectiveness and scale value.

Key findings of the study include the following:

• On average, a company suffers 130 breaches per year, a 27.4 percent increase over 2016 and almost double what it was five years ago. Breaches are defined as core network or enterprise system infiltrations.

• Companies in the financial services and energy sectors are the worst hit, with an average annual cost of $18.28 million and $17.20 million respectively.

• The time to resolve issues is showing similar increases. Among the most time-consuming incidents are those involving malicious insiders, which take on average 50 days to mitigate while ransomware takes an average of more than 23 days.

• Malware and web-based attacks are the two most costly attack types with companies spending an average of $2.4 million and $2 million respectively.

“The costly and devastating consequences businesses are suffering, as a result of cyber crime, highlights the growing importance of strategically planning and closely monitoring security investments. As this research shows, making wise investments in innovation can certainly help make a significant difference when cyber criminals strike,” says Kelly Bissell, managing director of Accenture Security, in a statement.

“Keeping pace with these more sophisticated and highly motivated attacks demands that organisations adopt a dynamic, nimble security strategy that builds resilience from the inside out – versus only focusing on the perimeter – with an industry-specific approach that protects the entire value chain, end-to-end.”

Get the latest on cybersecurity: Sign up for  CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz