ARN

Cyber crime costing businesses US$11.7M

Attacks costing Australian organisations US$5.41 million annually

Cyber attacks cost companies an average of US$11.7 million this year, a 23 per cent increase from 2016, according to research.

The surge follows the recent WannaCry and Petya ransomware attacks that cost global organisations hundreds of millions of dollars, the Cost of Cyber Crime study by Accenture on and Ponemon Institute said.

These types of ransomware attacks are taking an average of more than 23 days to mitigate, the report found. This compares to incidents involving malicious insiders which are taking on average 50 days to mitigate.

The study surveyed 2,182 security and IT professionals in 254 organisations worldwide.

Australian organisations reported the lowest total average cost from a cyber attack at US$5.41 million (A$6.88 million) while companies in the United States incurred the highest total average cost at $21.22 million. Germany experienced the most significant increase in total cyber crime costs from US$7.84 million to $11.15 million.

Costs also varied considerably by the type of cyber attack. American companies are spending more to resolve all types of cyber attacks, particularly malware ($3.82 million per incident) and web-based attacks ($3.40 million per incident).

For companies in Germany and Australia, 23 per cent of total annual cyber incident costs are due to malware attacks, the report said.

Meanwhile, companies suffer, on average, 130 breaches every year. This is a 27.4 per cent increase over 2016 and almost double what it was five years ago. Breaches have been defined as core network and enterprise system infiltrations.

Researchers evaluated how much money organisations spent on 9 different security technologies. The highest percentage was spent on advanced perimeter controls, but companies deployment these solutions only realised operational cost savings of $1 million associated with identifying and remediating cyber attacks, suggesting possible inefficiencies in allocation of resources.

Among the most effective categories in reducing losses from cyber crime are security intelligence systems, defined as tools that ingest intelligence from various sources that help companies identify and prioritise internal and external threats.

These systems delivered cost savings of US$2.8 million. Automation, orchestration and machine learning technologies were only deployed by 28 per cent of organisations, the lowest of the technologies surveyed – but provided by the third highest cost savings for security technologies overall at US$2.2 million.

Finally, researchers considered 4 impacts on organisations that suffered a cyber attack: business disruption, loss of information, loss of revenue, and damage to equipment. Loss information was the most damaging as mentioned by 43 per cent of respondents.

“The foundation of a strong and effective security program is to identify and ‘harden the most-high value assets,” said Dr Larry Ponemon, founder of the Ponemon Institute.

“While steady progress has been made in improving cyber defense, a better understand of the cost of cyber crime could help businesses bridge the gap between their own vulnerabilities and the escalating creativity – and numbers – of threat actors,” he said.