Cybercrime Costs US Firms $15m Per Year

The annual cost of cybercrime to US organizations rose nearly 20% over the past year to reach an average of $15m – far greater than the global figure, according to the latest data from the Ponemon Institute.

The $15m which cybercrime costs the average US firm is a whopping 82% higher than the figure was six years ago when the first Cost of Cyber Crime study was issued by Ponemon.

The research also revealed that the average amount of time it takes a US organization to resolve a single attack now stands at 46 days – a near 30% increase since 2009.

Things aren’t quite so bad globally – which includes the UK, Brazil, Russia, Germany, Australia and Japan.

HP and the Ponemon Institute found the average annualized cost of cybercrime worldwide to stand at $7.7m, a 1.9% increase since last year.

Despite falling from over $8m last year, German organizations were hit by the biggest costs ($7.5m) in this year’s study, followed by Japan ($6.8m) and the UK ($6.3m).

The report found that small organizations “incur a significantly higher per capita cost than larger organizations ($1,388 versus $431).”

It added that the most costly crimes are related to malicious insiders, denial of service and web-based attacks but the former takes longer to address – on average 63 days in the US.

Business disruption represents the highest external cost, followed by the costs associated with information loss, the report claimed.

“With cyber-attacks growing in both frequency and severity, understanding of the financial impact can help organizations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” said Larry Ponemon in a statement.

“As seen in this year’s study, the return on investment for organizations deploying security intelligence systems, such as SIEM, realized an average annual cost savings of nearly $4m – showcasing the ability to minimize impact by more efficiently detecting and containing cyber-attacks.”

What’s Hot on Infosecurity Magazine?