Twitter Feed



    I happened to receive this update awhile back from a friend at HP. but neglected to post and/or tweet.

    This is the 2012_US_Cost_of_Cyber_Crime_Study  United States, a Benchmark Study of U.S. Companies by The Ponemon Institute.

    This was sponsored by HP Enterprise Security, and this year’s study is based on a representative sample of 56 organizations in various industry sectors.  A very good read for those in Risk Management

    Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. Consistent with the previous two studies, the loss or misuse of information is the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant in protecting their most sensitive and confidential information.

    Key takeaways from this research include:

    • Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.
    • Cyber attacks have become common occurrences. The companies in our study experienced 102 successful attacks per week and 1.8 successful attacks per company per week. This represents an increase of 42 percent from last year’s successful attack experience. Last year’s study reported 72 successful attacks on average per week.
    • The most costly cyber crimes are those caused by denial of service, malicious insiders and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions.

    The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.


    The Ponemon Institute is considered the pre-eminent research center dedicated to privacy, data protection and information security policy.  Their annual consumer studies on cyber crime and privacy trust are widely quoted in the media.  Quantifying the cost of a data breach has become valuable to organizations seeking to understand the business impact of lost or stolen data.


    Leave a Reply