In a yearly study conducted by the Ponemon Institute and funded by Hewlett-Packard, the median cost of dealing with prevention and the repercussions of cybercrime rose from $3.8 million a year in 2010 to $5.9 million a year in 2011. Across the 50 companies in the study, costs ranged from $1.5 million to $36.5 million per organization. Over the four-week period of the study, all the organizations put up with 72 successful attacks a week. The majority of these attacks are attributed to web-based, denial of service, phishing, malicious code and malicious insider attacks.
In addition, the majority of money spent on cybercrime by organizations is put into detection of attacks as well as recovery efforts. The study found that companies spent an average of 18 days responding to an attack, with an astounding average price tag of $416,000. This is a 70 percent increase over 2010 figures of $250,000 per attack with a 14-day response time. Denial of service attacks are the most costly at an average of about $187,000 per attack. Malicious attacks from disgruntled employees within the company typically took about a month and a half to clean up, while simpler incidents like viruses, botnets and malware took just a few days. However, organizations that take a preventive approach to cybercrime by educating employees on procedure and security can save up to 25 percent on yearly costs of future attacks.
Cyber attacks on major companies have taken a front seat in major media coverage this year. Sony has taken a large amount of criticism for how it handled the security of millions of user accounts on the PlayStation Network and is estimated to have lost $171 million on the PlayStation Network outage. More recently, Rupert Murdoch’s newspapers have come under fire from hackers, who declared on The Sun website that Murdoch had died. Costs are clearly rising for private companies and government offices. It’s likely more emphasis will be placed on network security over the rest of the year and into 2012.