Attacks targeting enterprises are rising in frequency and persisting on company systems for longer periods of time, contributing to a skyrocketing increase in the cost of cybercrime, according to a new report.
The cybercrime cost to enterprises has increased 56% from 2010, according to the Second Annual Cost of Cybercrime Study, produced by the Ponemon Institute on behalf of HP ArcSight. The burgeoning costs are plaguing both business and government agencies, said Larry Ponemon, founder and chairman of the Ponemon Institute.
The 2011 Cost of Cybercrime Study, which surveyed 50 organizations, used a benchmark sample to arrive at a median annualized cost to organizations of $5.9 million per year.
“The nature of the attacks seems to be more severe, so we believe organizations are spending more on upfront costs of forensics and detection capabilities,” Ponemon said. “Attacks are happening in multiple places at the same time and they’re happening in ways that [are] harder for the organization to detect and contain.”
Also contributing to the rising costs is the length of time cybercriminals had once they penetrated enterprise systems. The average time an incident response team took to resolve a cyberattack was 18 days, with an average cost to organizations of nearly $416,000, a 70% increase from the 2010 Cost of Cybercrime Study. Organizations reported resolving an attack in 14 days in last year’s study, with an average cost of containment and clean-up of $250,000.
Ponemon said organizations have to deal with multiple kinds of attacks and multiple attack vectors, making early detection and containment much more difficult. Over a four-week period, the organizations surveyed for the study said they experienced 72 successful attacks per week, an increase of nearly 45% from last year. The Ponemon report defines a successful attack as an attack that infiltrates the network, or the enterprise system, or both.
In nearly all instances, malicious code was used in successful attacks. Denial-of-service attacks, stolen devices and Web-based attacks also contributed to increasing cybercrime costs, the Ponemon study found. Attacks by malicious insiders and targeted phishing attacks were harder to detect, contain and remediate.
“For whatever reason, it seems like the whole issue of cybercrime is getting worse rather than staying constant,” Ponemon said.
Detection and recovery contributed the most to the internal cost of cybercrime. Meanwhile, data theft, business disruption and lost productivity contributed the most to the external cost of cybercrime. Information loss was found to far outweigh business disruption in terms of cost. Ponemon said the study also cited the theft of intellectual property, internal memos, business documents and source code as a costlier problem than the theft of customer data, credit card information or employee account credentials.
Early detection technologies could help reduce costs if they are deployed properly and monitored, Ponemon said. Security information and event management (SIEM) appliances and advanced network monitoring systems can help detect attacks much earlier, resulting in less stolen data. A focus on governance, risk management and compliance concepts, practices and technologies, Ponemon said, also helps contain average cybercrime costs.
“Network intelligence, SIEM and GRC activities all seem to point in the direction of containing costs, but you can’t totally annihilate costs,” Ponemon said. “You can’t have a perfect system; there’s kind of a point of diminishing marginal returns.”