The fifth annual Cost of Cybercrime report from the Ponemon Institute found that businesses lose an average of $12.7 million to cybercrime. This is up 9.7 percent over the previous report’s study, indicating that the cost of cybercrime is on the rise.
The report this year was sponsored by Hewlett Packard’s Enterprise Security division and it found that business disruptions account for about three-quarters of those cybercrime losses. The report confirmed, as of previous ones, that business who prioritize cybercrime prevention tend to fare better in terms of losses than do those who do not.
Companies who use technology to catch and flag potential intrusions into critical systems, the report says, for exmaple, have costs lowered by about $2.6 million (to $10.1M) versus those who do not ($12.7M). The highest cost is usually incurred in the minutes it can take a security team to detect and stop a breach which could have otherwise been thwarted by automated software.
The Ponemon Institute has conducted its cybercrime costs survey annually for the past five years. The report suggests that most companies are generally unaware of what is happening on their networks. The average company took 170 days to detect an attack and 31 days, on average, to resolve cybercrime attacks. Each day added an average of nearly $21,000 onto the cost of the attack.
The Ponemon survey focused on corporations with 1,000 or more employees, however, but suggests that smaller firms may take a larger hit, in terms of percentage of revenue lost, than do larger ones. Smaller companies, the report says, pay an average of $1,601 per worker, they estimate, versus the $437 per worker paid by the larger firms surveyed.
The report can be found here.