Cybercrime costs soared in past year

Posted by Emma Woollacott

After a rather eventful year that's seen many massive cyberattacks, a new survey of cybercrime costs has concluded that businesses and governments are shelling out 56 percent more to clean up than a year ago.

Carried out by the Ponemon Institute, HP's second Annual Cost of Cyber Crime Study found that the median annualized cost of cybercrime was $5.9 million per year.

For the organizations surveyed, costs ranged between $1.5 million and $36.5 million each year. Recovery and detection cost the most.

"Instances of cybercrime have continued to increase in both frequency and sophistication, with the potential impact to an organization’s financial health becoming more substantial," says Tom Reilly, HP's vice president and general manager for enterprise security.

"Organizations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cybercrime."

Over a four-week period, the organizations surveyed experienced a whacking 72 successful attacks per week, up nearly 45 percent from last year. More than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.

The average attack took 18 days to resolve, with an average cost of nearly $416,000.

"As the sophistication and frequency of cyberattacks increases, so too will the economic consequences," says Larry Ponemon, chairman and founder of the Ponemon Institute. "Figuring out how much to invest in security starts with understanding the real cost of cybercrime."

Well, no-one could deny that it's been a bad year for cybercrime, with the AntiSec movement keeping itself pretty busy. But it's worth remembering the findings of a Microsoft Research study a couple of months ago which found that cybercrime estimates tend to be wildly misleading.

"They are so compromised and biased that no faith whatever can be placed in their findings," it read. The reports are inaccurate for exactly the same reasons as surveys of  the number of men's sexual partners, they say.