I happened to receive this update awhile back from a friend at HP. but neglected to post and/or tweet.
This is the 2012_US_Cost_of_Cyber_Crime_Study United States, a Benchmark Study of U.S. Companies by The Ponemon Institute.
This was sponsored by HP Enterprise Security, and this year’s study is based on a representative sample of 56 organizations in various industry sectors. A very good read for those in Risk Management
Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. Consistent with the previous two studies, the loss or misuse of information is the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant in protecting their most sensitive and confidential information.
Key takeaways from this research include:
- Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.
- Cyber attacks have become common occurrences. The companies in our study experienced 102 successful attacks per week and 1.8 successful attacks per company per week. This represents an increase of 42 percent from last year’s successful attack experience. Last year’s study reported 72 successful attacks on average per week.
- The most costly cyber crimes are those caused by denial of service, malicious insiders and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions.
The purpose of this benchmark research is to quantify the economic impact of cyber attacks and observe cost trends over time. We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.
2012_US_Cost_of_Cyber_Crime_Study
The Ponemon Institute is considered the pre-eminent research center dedicated to privacy, data protection and information security policy. Their annual consumer studies on cyber crime and privacy trust are widely quoted in the media. Quantifying the cost of a data breach has become valuable to organizations seeking to understand the business impact of lost or stolen data.
- Impact! Interior Design Solutions
- Symantec – Internet Security Threat Report 2013
- NIST – Managing Identity Requirements for Remote Users of Information Systems to Protect System Security and Information Privacy
- National Institute of Standards and Technology (NIST) – Security and Privacy Controls for Federal Information Systems and Organizations
- Know your Enemies – Know Yourself – Art of War
- Symantec: Annual Study: U.S. Cost of a Data Breach
- National Institute of Standards and Technology – Glossary of Key Information Security Terms
- Ponemon Institute – 2012 Cost of Cyber Crime Study
- Ponemon Institute – Third Annual Benchmark Study on Patient Privacy & Data Security
- Stuxnet-style SCADA attack kept quiet after US gov tests