There are many costs when it comes to cyber crime. One of these is the potential loss of data as, having failed to properly protect the personal (and payment) data of your clients and customers, you may see their private, financial information getting into the hands of cyber criminals. Another is the loss your reputation as potential clients and customers may regard you as "that business that isn’t doing enough to keep its data safe".

average-cost-of-cyber-crime-climbing-hp-and-ponemon-research

While these can be devastating to any organisation, it’s often the monetary losses that can deal the most damage.

What was the “Cost of Cyber Crime” in 2015?

The 2015 Cost of Cyber Crime Study: Global report – created by the Ponemon Institute and sponsored by Hewlett Packard Enterprise – has the answer to that very question.

This international study looked at 252 organisations in seven different countries (the United Kingdom, the Russian Federation, Brazil, Germany, Japan, Australia and the United States), looking at the cost of cyber attacks (which in this study refers to criminal activity conducted via the Internet “starting with the detection of the incident and ending with the ex-post or final response to the incident.”

hp_2015_cost_of_cyber_crime_2.png

For the financial year 2015 (FY15), organisations in the United States lost $15.42 million on cyber crime, organisations in the United Kingdom lost $6.32 million and organisations in Brazil lost $3.85 million.

While the data suggests that organisations in Japan, Russia, Germany and Australia spent less on cyber crime in FY15 ($6.81 million, $2.37 million, $7.50 million and $3.47 million, respectively), the report notes that these findings are “due to exchange rate differences over the past year resulting from a strong U.S. dollar relative to other local currencies” and that “the percentage net change between FY 2015 and FY 2014 in U.S. dollars (excluding Brazil) is 1.9 percent.” The average annualised cost of cyber crime is $7.7 million.

Other findings from the report include the fact that “small organizations incur a significantly higher per capita cost than larger organizations ($1,388 versus $431)” and that although all industries can be victim to cyber crime, organisations in the financial services and the utilities & energy sector “experience substantially higher cyber crime costs than organizations in healthcare, automotive and agriculture.”

Moreover, the report noted that the most costly types of cyber attack are “those caused by malicious insiders, denial of services and web-based attacks,” with business disruption (including lost employee productivity and business process failures) along with costs associated to information lost representing the highest external costs.

The report also notes that “the mean number of days to resolve cyber attacks is 46 with an average cost of $21,155 per day – or a total cost of $973,130 over the 46-day remediation period,” meaning that things can get costly quickly if organisations don’t fix the problem.

Organisations are set to increase their IT Security spending...and with good reasons!

What the report also notes, however, is that organisations have found ways to make savings when it comes to the cost of cyber crime. For example, organisations that use security intelligence systems (SIEM) are more efficient in “detecting and containing cyber attacks” and “these companies enjoyed an average cost savings of $1.9 million when compared to companies not deploying security intelligence technologies.”

Meanwhile, organisations deploying SIEMs have a ROI (return on investment) 23% higher “than all other technology categories presented” and “the estimated ROI results for companies that extensively deploy encryption technologies (21 percent) and advanced perimeter controls such as UTM, NGFW, IPS with reputation feeds (20 percent).”

hp_2015_cost_of_cyber_crime_1.png

Additionally, the report explains that “companies that employ expert staff can reduce cyber crime costs by an average of $1.5 million and those that appoint a high-level security leader reduce costs by an average of $1.3 million.”

There are also savings for organisations that employ certified/expert security personnel ($1,458,736), as well as organisations that conduct substantial training and awareness activities ($1,150,951) and get certification against industry-leading standards ($549,620).

These statistics perhaps explain why so many organisations are set to increase their IT security spending in the next few years. In a forecast from research firm Gartner, Inc., worldwide spending on information security was estimated to reach $75.4 billion in 2015, “an increase of 4.7 percent over 2014.”

Elizabeth Kim, a research analyst at Gartner also added that “interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks.”

Organisations are making these investment in IT security with good reason and the Hewlett Packard Enterprise and Ponemon Institute report isn’t the only data that details just how pricey cyber crime can be. Juniper Research has suggested that “the average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected,” while IOCTA 2015 noted that the number of data breaches is on the rise.

Keep on reading IT Security related content in our Security Blog, discover how your can protect your customers personal (and payment) data and how to develop applications secure by design.

Get in touch with us if you want our experts to take a look at the security status of your organisation. 

Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.