HP recently unveiled the results of a third annual study, which found that cybercrime cost Australian enterprises an average of $4.3 million, an 8.3 percent increase from 2013 and a 33 percent increase since the study was initiated three years ago.
The 2014 Ponemon Institute study, sponsored by HP Enterprise Security, found the average annualised cost of cyber crime to be substantially higher in the energy & utilities ($8.3m), financial services ($7.9m) and services ($5.5m) sectors than in hospitality ($2.6m), consumer products ($1.8m) and retail ($1.4m). However, the average per-company cost in Australia is well below the $A13.68 in the US, the highest of seven countries - Russia, Australia, UK, France, Japan, Germany, US in order of cost - examined by the Institute.
These costs do not include "the plethora of expenditures and investments made to sustain an organisation's security posture or [to maintain] compliance with standards, policies and regulations," Ponemon said.
The Ponemon Institute found the most costly cyber crimes to be those caused by denial of services, web-based attacks and malicious insiders. These account for more than 50 percent of all cyber crime costs per organisation on an annual basis. "Mitigation of such attacks requires enabling technologies such as security information and event management, intrusion prevention systems, applications security testing solutions and enterprise governance, risk management and compliance solutions," Ponemon said.
Business disruption continues to represent the highest external cost, followed by the costs associated with information loss. On an annualised basis, business disruption accounts for 40 percent of total external costs (down four percent from last year). Costs associated with information and revenue loss account for 54 percent of external costs (the same as last year).
To determine the average cost of cyber crime, the 30 large organisations in the Australian study were asked to report what they spent to deal with cyber crimes experienced over four consecutive weeks. Once costs over the four-week period were compiled and validated, these figures were then grossed up to determine the annualised cost.
Every one of the 30 organisations received viruses, worms, trojans and malware during the four-week period. Fifty percent had devices stolen, and 33 percent were attacked by malicious insiders. However, malicious insider attacks took longer to resolve (average 50.9 days) than any other form of attack.
According to Ponemon, one of the most effective ways of reducing the cost of cyber attacks is to deploy security intelligence technologies. It compared the RoI for security intelligence systems against the RoI for other security tools - perimeter controls and firewalls, encryption, data loss prevention tools, governance, risk management and compliance tools, access governance tools and automated policy management tools - and found that security intelligence systems delivered the best RoI.
The full study - 2014 Cost of Cyber Crime Study: Australia - can be downloaded here.