Cybercrime Costs Firms $13m Each as Malicious Insider Threat Grows

The average cost of cybercrime rose by over $1m last year to reach $13m per firm, with the impact of malicious insiders particularly noticeable, according to a new Accenture report.

The consulting giant’s annual Cost of Cybercrime report is compiled from over 2600 interviews with hundreds of organizations across 11 countries.

Those surveyed recorded an average of 145 cyber-attacks resulting in hackers entering their core networks or enterprise systems: up 11% over 2017 and 67% over 2014.

Some 85% experienced phishing and social engineering attacks last year, up 16% on 2017, and 76% suffered web-based attacks. Those hit by ransomware also increased (15%) year-on-year, with costs growing 21% to around $650,000 per company on average.

While malware and then web-based were the most expensive types of attack, costing firms $2.6 million and $2.3m on average, the biggest jump in costs came from insider attacks carried out by employees, temporary staff, contractors and business partners.

The cost of these attacks jumped 15% to $1.6 million per organization, on average. Together with malware, they represented a third of all cybercrime costs globally last year, according to Accenture.

It’s a challenge also articulated this week in a new Verizon Insider Threat Report, which revealed that 20% of cybersecurity incidents and 15% of the data breaches investigated in its Data Breach Investigations Report last year were related to insiders.

Although some of these were down to negligence and accidental misuse, many were deliberate actions: the top motivators for insiders were financial gain (48%) and pure fun (23%), according to the report.

“For far too long data breaches and cybersecurity incidents caused by insiders have been pushed aside and not taken seriously. Often, they are treated as an embarrassment or just an issue for HR departments,” said Bryan Sartin, Verizon’s executive director security professional services.

“This has to change. Cyber threats do not just originate from external sources, and to fight cybercrime in its entirety we also need to focus on the threats that lie within an organization’s walls.”

On the plus side, organizations are getting better at detecting breaches quickly, according to the latest M-Trends report released this week. It revealed that dwell times have dropped from a median of 416 days in 2011 to 78 days in 2018.

However, there’s still some work to do in EMEA, where dwell times stood at 177 days in 2018, up slightly from 2017 figures (175). What’s more, the vast majority of these incidents required an initial notification by an external party, meaning IT teams still don’t have the visibility they need into threats.

The report authors claimed part of the reason for faster detections can be linked to more ransomware, cryptomining and BEC attacks, which are easier to spot. However, it also pointed to better threat hunting and enhanced visibility into network, endpoint and cloud service provider environments.

What’s Hot on Infosecurity Magazine?