10 October 2015

The escalating economic impact of cyber crime

Source: HP infographic.
HP has unveiled the results from its sixth annual study in partnership with the Ponemon Institute detailing the economic impact of cyber attacks across both the private and public sectors. 

The findings reveal a dramatic increase in the overall cost of cyber crime and show that small organisations incur a significantly higher per capita cost than larger organisations [3].

Conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the 2015 Cost of Cyber Crime Study quantifies the annual cost of cyber crime for companies across seven countries: the US, UK, Japan, Germany, Australia, Brazil and the Russian Federation.

In the study, researchers found the average annualised cost of cyber crime incurred by a benchmark sample of Australian and Japanese organisations had increased by 13% and 14% respectively since last year. The results also revealed that it took an average of 31 days to resolve a cyber attack in Australia as compared to 26 days in Japan [1, 2].

“As organisations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” said Matthew Shriner, Director, Enterprise Security Products, Asia Pacific and Japan, and Europe, Middle East and Africa, HP. “To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritise the security strategies that can make a difference in minimising the impact.”

Key findings from the 2015 Australia and Japan Cost of Cyber Crime Studies:

· Cyber crimes continue to be very costly: The average annualised cost of cyber crime incurred in Japan was US$6.81 million, compared to US$3.47 million in Australia [1, 2].

· Cyber crimes require more time to resolve: The average time to resolve a cyber attack was 31 days in Australia, compared to 26 days in Japan. This represents an increase of eight days in Australia and one day in Japan over the last year. Results also showed that malicious insider attacks can take an average of 50 days to contain in Australia, compared to 37 days in Japan [1, 2].

Understanding the cyber threats that pose the biggest risk and have the most economic impact on organisations can help enterprises better plan their security approach and investments.

· In both Japan and Australia, the most costly cyber crimes continued to be caused by denial of service and malicious insiders [1, 2].

· In Australia, business disruption continued to represent the highest external cost, followed by the costs associated with information loss. On an annual basis, business disruption accounted for 38% of total external costs [1].

· In Japan, information theft represented the highest external cost, followed by the costs associated with business disruption. On an annual basis, information theft accounted for 48% of total external costs [2].

· Recovery and detection were the most costly internal activities in both countries, accounting for 48% of the total annual internal activity cost in Australia and 53% in Japan. In both countries, productivity, cash outlays and direct labour represented the majority of these costs [1, 2].

Organisations investing in and using security intelligence technologies and governance practices to address the crimes that proved most costly were more efficient in detecting and containing cyber attacks, thereby reducing costs otherwise incurred [1].

· Deploying a security information and event management (SIEM) solution led to an average cost savings of US$1.9 million per year [3], compared to companies not deploying similar security solutions.

· Employment of certified/expert security personnel triggers savings of US$1.5 million [3].

· The appointment of a high-level security leader can reduce costs by US$1.3 million [3].

“With cyber attacks growing in both frequency and severity, understanding of the financial impact can help organisations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute. “As seen in this year’s study, the return on investment for organisations deploying security intelligence systems, such as SIEM, realised an average annual cost savings of nearly US$4 million – showcasing the ability to minimise impact by more efficiently detecting and containing cyber attacks.”

Across all seven countries studied, the US sample reported the highest total average cost of cyber crime at US$15 million per company. The Japan sample ranked third globally at US$6.81 million, while the Australia sample ranked second lowest out of seven countries, reporting an average cost of cyber crime of US$3.47 million [3].


[1] 2015 Cost of Cyber Crime Study: Australia, Ponemon Institute, September 2015.
[2] 2015 Cost of Cyber Crime Study: Japan, Ponemon Institute, October 2015.
[3] 2015 Cost of Cyber Crime Study: Global, Ponemon Institute, October 2015.
[4] 2014 Cost of Cyber Crime Study: Australia, Ponemon Institute, October 2014.
[5] 2014 Cost of Cyber Crime Study: Japan, Ponemon Institute, October 2014.