Oct 24, 2012

HP Study Shows Cybercrime On Rise

New research conducted by the Ponemon Institute reveals that the cost and frequency of cybercrime has risen for the third straight year. According to the Hewlett-Packard study, the amount of cyberattacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent. Dr. Larry Ponemon, chairman and founder of Ponemon Institute, told CBS that the “crimes are becoming more frequent and more malicious. “I call it the one-two punch where there’s a bad guy inside the organization pretending to be a good guy. It can be very difficult to detect because they use a combination of low or high-tech methods to get at the information or to actually do damage to an organization,” said Dr. Ponemon to CBS. The 2012 Cost of Cyber Crime Study further found that the average annualized cost spent by U.S. organizations for cybercrime was $8.9 million. The findings represent a six percent increase from 2011, and a 38 percent increase over 2010. Although the study found an average of 102 successful attacks per week – 72 attacks per week in 2011 and 50 attacks per week in 2010 – Varun Kohli, director of marketing for Hewlett-Packard Security Products told CBS that many companies still don’t take the threats seriously. In the CBS article, Kohli said, “You’d be surprised to know that some of the biggest companies out there who have pretty valuable information to hackers. They have not done a good job of securing their enterprise. They are actually putting information on the Internet that they should not be putting on the Internet in the first place.” While the report showed that all cybercrimes continue to be costly, those that cause the most harm are by malicious code, denial of service, stolen or hijacked devices and malevolent insiders. According to the study, they account for more than 78 percent of annual cybercrime costs per company. “Organizations are spending increasing amounts of time, money and energy responding to cyberattacks at levels that will soon become unsustainable,” said Michael Callahan, vice president, Worldwide Product and Solution Marketing, Enterprise Security Products, Hewlett-Packard. Callahan adds, “There is clear evidence to show that the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of these attacks.” Additional findings from the study include:

Highest external costs on an annual basis: Information theft accounts for 44 percent, while distribution to business or lost productivity account for 30 percent.
Companies that deployed security information and event management (SIEM) solutions save nearly $1.6 million annually. “As a result, these organizations experienced a substantially lower cost of recovery, detection and containment than organizations that had not deployed SIEM solutions.”
The average time to resolve a cyberattack is 24 days. During this time, the average cost incurred was $591,780 – a 42 percent increase from 2011.
The most costly internal activities associated with cybercrime include recovery and detection – account for almost half of the total internal cost.

“The purpose of this benchmark research is to quantify the economic impact of cyberattacks and observe cost trends over time,” said Dr. Ponemon. “We believe a better understanding of the cost of cybercrime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.”