Annual Study Reveals Average Cost of Cyber Crime Escalates 96 Percent to $12.7 Million per Organization

PALO ALTO, CA -- (Marketwired) -- Oct 15, 2014 -- HP (NYSE: HPQ) today unveiled the results from its fifth annual study in partnership with the Ponemon Institute detailing the rising cost, frequency and time to resolve cyber attacks.

Conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the 2014 Cost of Cyber Crime Study found the average annualized cost of cyber crime incurred by a benchmark sample of U.S. organizations was $12.7 million,(1) representing a 96 percent increase since the study was initiated five years ago.(2) The results also revealed the time it takes to resolve a cyber attack has increased by 33 percent during this same period, with the average cost incurred to resolve a single attack totaling more than $1.6 million.

During the study period, significant cyber crimes occurred in the U.S. involving the theft of millions of payment cards, Internet credentials, intellectual property and online bank accounts. According to the 2014 Cost of Cyber Crime Study, advanced security intelligence tools such as Security Information and Event Management (SIEM) solutions, Intrusion Prevention Systems (IPS) with reputation feeds, network intelligence systems and big data analytics help organizations detect and contain cyber attacks resulting in significant reductions in the annualized cost of cyber crime.(1)

"Adversaries only need to be successful once to gain access to your data, while their targets must be successful every time to stop the barrage of attacks their organizations face each day," said Art Gilliland, Senior Vice President and general manager, Enterprise Security Products, HP. "No amount of investment can completely protect organizations from highly sophisticated cyber attacks, but improving and prioritizing your organization's ability to disrupt the adversary with actionable intelligence solutions such as SIEM, can significantly improve attack containment and reduce the overall financial impact."

Key findings from the 2014 Cost of Cyber Crime Study

  • Cyber crimes continue to be very costly: The average annualized cost of cyber crime incurred was $12.7 million, with a range of $1.6 million to $61 million; an increase of 9 percent or $1.1 million over the average cost reported in 2013.(2)
  • Cyber crimes are intrusive and common: Organizations experienced a 176 percent increase in the number of cyber attacks, with an average of 138 successful attacks per week, compared to 50 attacks per week when the study was initially conducted in 2010.(2)
  • Cyber crimes require more time to resolve: The average time to detect a malicious or criminal attack by a global study sample of organizations was 170 days. The longest average time segmented by type of attack was 259 days, and involved incidents concerning malicious insiders. The average time to resolve a cyber attack once detected was 45 days, while the average cost incurred during this period was $1,593,627 -- representing a 33-percent increase over last year's estimated average cost of $1,035,769 for a 32-day period.(2)
  • Cyber crimes impact all industries: Of the 17 industries included in the study, all reported to have been impacted by cyber crime, and in the U.S., the highest annual cost per organization was reported in the Energy & Utilities and Defense industries. The average annualized cost per company in the Energy & Utilities, Technology and Retail sectors rose most significantly in the U.S. when compared to average annualized cost over the 5 years the study has been published. The retail sector alone has more than doubled when compared to average cost over the five year period.(1)

The most costly cyber crimes

  • The most costly cyber crimes are those caused by denial of services, malicious insiders and malicious code. These account for more than 55 percent of all cyber crime costs per organization on an annual basis.(3)
  • Information theft continues to represent the highest external cost, followed by the costs associated with business disruption.(4) On an annual basis, information theft accounts for 40 percent of total external costs (down 2 percent from the five-year average), while costs associated with disruption to business or lost productivity account for 38 percent of external costs (up 7 percent from the five-year average).
  • Recovery and detection are the most costly internal activities, accounting for 49 percent of the total annual internal activity cost with cash outlays and direct labor representing the majority of these costs.(1)

Deployment of security intelligence solutions makes a difference
Organizations using security intelligence technologies were more efficient in detecting and containing cyber attacks. For those having deployed a SIEM solution, the average cost savings was $5.3 million per year, a 32 percent increase in savings from last year. Organizations with technologies such as an Intrusion Prevention System (IPS) and Next-generation Firewall (NGFW) boasted a 15 percent ROI result.

"Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Based on more than 2,000 interviews, the annual Cost of Cyber Crime research continues to provide valuable insights into the rising cost of cyber attacks to help organizations across all industries understand the serious financial impact that can result if measures are not taken to put solutions, process and expertise in place to minimize risk."

In addition to the fifth annual study of U.S. organizations, Ponemon conducted cyber cost studies for organizations in Australia, Germany, Japan, France and the United Kingdom. A study of Russian companies was conducted for the first time this year. Of the countries surveyed, the U.S. sample reported the highest total average cost of cyber crime at $12.7 million, while the Russian sample reported the lowest, at $3.3 million.(1) The global results are available in a separate report entitled, 2014 Global Report on the Cost of Cyber Crime.

Learn more about research findings
Detailed findings from the 2014 Cost of Cyber Crime Study are available via webcast. Details for the U.S. webinar can be found here. Details for the EMEA webinar can be found here and the APJ webinar can be found here. For more information, including the reports and an assessment tool, visit www.hp.com/go/Ponemon.

Additional information about HP Enterprise Security Products is available at www.hpenterprisesecurity.com and HP Enterprise Security Services at www.hp.com/enterprise/security.

HP's premier EMEA client event, HP Discover, takes place Dec. 2 - 4 in Barcelona, Spain.

About HP
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers' most complex challenges in every region of the world. More information about HP is available at http://www.hp.com.

© 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

(1) "2014 Cost of Cyber Crime Study: United States," Ponemon Institute, October 2014.
(2) Based on internal analysis of the results from the 2010-2014 "Cost of Cyber Crime Study: United States" reports from Ponemon Institute.
(3) This year the category "malicious insider" includes the cost of stolen devices.
(4) In the context of this study, an external cost is one that is created by external factors such as fines, litigation, marketability of stolen intellectual properties and more.

Editorial contacts

Kristi Rawlinson
HP

kristi.rawlinson@hp.com


www.hp.com/go/newsroom 





Review Article Be the first to review this article
CST Webinar Series

EMA:

Featured Video
Editorial
Peggy AycinenaWhat Would Joe Do?
by Peggy Aycinena
Retail Therapy: Jump starting Black Friday
Peggy AycinenaIP Showcase
by Peggy Aycinena
REUSE 2016: Addressing the Four Freedoms
More Editorial  
Jobs
Development Engineer-WEB SKILLS +++ for EDA Careers at North Valley, CA
Manager, Field Applications Engineering for Real Intent at Sunnyvale, CA
Principal Circuit Design Engineer for Rambus at Sunnyvale, CA
AE-APPS SUPPORT/TMM for EDA Careers at San Jose-SOCAL-AZ, CA
ACCOUNT MANAGER MUNICH GERMANY EU for EDA Careers at MUNICH, Germany
Upcoming Events
2016 IEEE International Electron Devices Meeting at Hilton San Francisco Union Square 333 O’Farrell Street San Francisco CA - Dec 3 - 7, 2016
Zuken Innovation World 2017, April 24 - 26, 2017, Hilton Head Marriott Resort & Spa in Hilton Head Island, SC at Hilton Head Marriott Resort & Spa Hilton Head Island NC - Apr 24 - 26, 2017
CST Webinar Series



Internet Business Systems © 2016 Internet Business Systems, Inc.
595 Millich Dr., Suite 216, Campbell, CA 95008
+1 (408)-337-6870 — Contact Us, or visit our other sites:
AECCafe - Architectural Design and Engineering TechJobsCafe - Technical Jobs and Resumes GISCafe - Geographical Information Services  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy Policy