Cybercrime fight costing companies more this year

A study says the 56 percent increase can be blamed on malicious code, denial of service attacks and stolen devices

Cybercrime cost corporations 56 percent more this year than last, according to an annual study from the Ponemon Institute and sponsored by ArcSight, an HP company.

"Cybercrimes can do serious harm to an organization's bottom line," said the study, which found that the median cost related to cybercrime to the 50 companies in the survey was $5.9 million.

Larry Ponemon, founder and chairman of the Traverse, Mich., company that bears his name, told PCWorld there have been several root causes for the bump up in the cost of cyber crime. "Sophisticated stealthy types of cyber crime are happening more frequently," he said.

When the study was done last year, he explained, more visible forms of cybercrime dominated the mix - viruses, worms, Trojans, malware and botnets. "Now we're seeing more insidious kinds of attacks like malicious code, denial of service, stolen devices, Web-based attacks and malicious insiders," he observed.

"Those are more costly to deal with," because it takes more time to clean them up, he said. Last year, when more conventional cybercrime tools dominated the landscape, it took an average of 14 days and $247,744 to clean up an attack. This year, with a jump in stealthy tactics, that average increased to 18 days, and the cost climbed to $417,748.

Stealth attacks are more difficult to clean up because they "move in quietly to position the attacker lower in the infrastructure and to be able to go after information in a longer term, strategic way," according to ArcSight Public Sector CTO Prescott Winter.

"They're more ingenious in how they launch the attack, which makes them harder to find once they launch it," Winter said.

It's also getting more difficult to defend against intruders, Ponemon noted. "Some of these intruders throw a one-two punch," he said. At the front door, there's a denial of service attack that consumes a defender's resources, he explained, but at the same time other attacks are launched on the defender's position - an insider threat, for instance, and proliferating botnet software.

"When you're getting attacked from two fronts, it's just harder to defend yourself," he said.

That's especially true for organizations who believe strong perimeter defenses alone will protect them, Winter contended. "There's no such thing as a bulletproof perimeter anymore," he said.

"It's absolutely guaranteed these days that the attacker will get in," he maintained. "So the strategy has to change from watching the outside wall to trying to figure out what's happening inside the network."

The study also discovered:

  • The cost to smaller organizations of a cybercrime incident is higher on a per capita basis than to larger organizations.
  • The number of attacks on the companies in the survey increased over last year by 44 percent, to 72 successful attacks per week.
  • Forty percent of the external costs to an organization for cybercrime were attributed to data theft, a 2 percent dip from 2010, and 28 percent to business disruption and lost productivity, a 6 percent increase from last year.
  • The biggest internal costs attributed to cybercrime were tagged to detection and recovery (45 percent).
  • The cost of cybercrime can be moderated by the use of security information and event management systems. The outlay for dealing with a cybercrime incident for firms with those systems was 24 percent lower than for those without the systems, the study noted.

Join the PC World newsletter!

Error: Please check your email address.

Tags network securityfirewallshackerssecuritylegalarcsightcybercrime

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John P. Mello Jr.

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?