Malicious code attacks are costing enterprises four times as much as they did in 2002, according to a recent study by Britain's Corporate IT Forum.
The forum, an organization of IT professionals from some of the U.K.'s largest blue-chip companies, estimates that each incident costs an average of $213,000 in man-hours and related costs. That's a hefty upturn when compared with the results from a 2002 survey conducted by Britain's Department of Trade and Industry (DTI) and PricewaterhouseCoopers. That study put the per-incident price tag at $52,000.
Three quarters of the administrators surveyed by the Corporate IT Forum reported an average of 365 man-hours lost. Of those, one-third reported an average of 3,080 man-hours lost.
This year was a particularly harsh one for malicious code outbreaks. The SQL Slammer worm overran networks with traffic in January, sounding an ominous tone for the rest of the year. In August, administrators and security officers threw their hands up in the air after successive outbreaks of Blaster, Sobig and their variants arrived in devastating waves. Lately, several variants of the Mimail worm have kept admins and end users up at night.
"And our research is just the tip of the iceberg. [The forum] comprises organizations that spend millions every year on their IT infrastructure and who have already recognized that it is business-critical," said David Roberts, CEO of the organization. "This inevitably means that the survey group have better-than-average security and incident-response policies in place. Organizations with relatively poor protection will be hit even harder, as they will suffer more downtime and wider business disruption -- as well as getting more viruses in the first place. Ultimately, virtually every consumer and every shareholder is paying a price for inadequate protection."
The report determined that enterprises with sturdy incident-response teams and procedures suffered fewer malicious code outbreaks and were able to trim costs. Most infections, it was determined, came from systems integrated with business partners and contractors.
"This emphasizes the need for organizations to apply security policies to third parties accessing their networks," Roberts said.
Results from April's annual Computer Crime and Security Survey, done in conjunction with the FBI and the Computer Security Institute (CSI), indicate that enterprises suffered $455 million in quantifiable damages, with most of those attributable to loss of intellectual property and fraud. Denial-of-service attacks, however, cost companies surveyed more than $65 million, and 82% reported virus incidents that cost more than $27 million.
FEEDBACK: Was this the worst year for malicious code attacks at your enterprise? Or were worms merely an expensive nuisance?
Send your feedback to the SearchSecurity.com news team.