The global cost of cybercrime has rocketed by 23% over the past year to reach $11.7m per business, according to the latest report from Accenture.
The consulting giant commissioned the Ponemon Institute to poll over 2100 global organizations to compile its Cost of Cyber Crime Study, and found cybercrime showing no signs of slowing.
Financial services ($18m) and energy ($17m) suffered the worst losses, and US firms ($21m) incurred the highest average cost of any country, while Australia reported the lowest ($5m) and the UK had the lowest change from last year: from $7m to $8.7m.
The stats also revealed that firms on average suffered 130 'breaches' – network or system infiltrations – annually, a 27% increase on the 2016 report findings.
Malicious insiders caused the most havoc, with related incidents taking on average 50 days to resolve, while ransomware attacks take over 23 days.
However, malware ($2.4m) and web attacks ($2m) are the most costly.
Of the four main impacts considered in the report, loss of information was pegged by respondents as the most damaging (43%), while business disruption decreased from 39% in 2015 to 33% this year, despite the recent impact of large-scale ransomware attacks like NotPetya and WannaCry.
Organizations including Merck, Maersk and most recently FedEx have all been forced to reveal losses in the hundreds of millions of dollars following the NotPetya attacks which disrupted global operations.
Kelly Bissell, managing director of Accenture Security, argued that security investments in the right areas can make a difference.
“The costly and devastating consequences businesses are suffering, as a result of cybercrime, highlights the growing importance of strategically planning and closely monitoring security investments,” she added.
“Keeping pace with these more sophisticated and highly motivated attacks demands that organizations adopt a dynamic, nimble security strategy that builds resilience from the inside out – versus only focusing on the perimeter – with an industry-specific approach that protects the entire value chain, end-to-end.”
However, of the nine security technologies evaluated in the report, the highest percentage spend was on advanced perimeter controls, despite having one of the poorest ROIs.
Firms implementing the technology realized operational cost savings of just $1m associated with identifying and remediating cyber-attacks, versus $2.8m for security intelligence systems, and $2.2m for automation, orchestration and machine learning technologies.