Cybercrime costs average US firm $15 mn annually

08 Oct 2015

A new report by Hewlett Packard and the US-based Ponemon Institute of Cyber Crime estimates that hacking attacks cost the average US firm $15.4 million per year, double the global average of $7.7 million.

In a survey of over 2,000 executives and employees in 250 organisations worldwide, the authors of the report state that all industries and markets were affected by cybercrime.

Cyber crimes by malicious insiders, DDoS and web-based attacks cost companies the most. (In a DDoS, or distributed denial-of-service, attack, attackers take down a website by overwhelming it with traffic.)

Global financial services and energy sectors had taken the worst hit, with costs averaging $13.5 million and $12.8 million respectively.

With business expenses on the rise, the cost to hackers was falling thanks to a proliferation of botnets that made launching DDoS attacks cheap and simple, along with the easy sharing of tools and exploits on "dark net" forums and marketplaces.

Cybersecurity firm Incapsula said the price of launching a DDoS attack had fallen to just $38 per hour, while "the real-world cost of an unmitigated attack is $40,000 per hour" for businesses.

The release of tools and data by Italian surveillance company Hacking Team had also given a boost to the activities of cyber criminals.

The leaked data included a number of "zero day" exploits, or previously unknown security flaws in popular software.

The average annual cost of cybercrime had increased 20 per cent year-over-year and had logged an 82 per cent increase since HP and Ponemon started conducting studies six years ago.

The report further noted that it took, on average, 46 days to resolve a cyberattack, a percentage increase of 30 points over the past six years. Further, the cost to resolve a single attack was in excess of $1.9 million.

"As organisations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand," said Sue Barsamian, senior vice president and general manager, enterprise security products, HP, in a statement.

"To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritize the security strategies that can make a difference in minimizing the impact," she added.