The cost of cyber crime to US companies is moving rapidly in a dangerous direction.
According to cybersecurity research firm The Ponemon Institute, the average annualized cost of cyber crime to US organizations has nearly doubled in the last five years.
“The bottom line is [the cost of cyber crime] is definitely on the move—and moving up,” said Larry Ponemon, chairman and founder of the institute, during a webinar to discuss the 2014 Cost of Cyber Crime Study.
According to its research, Ponemon has found the average annualized cost of cyber crime in the US in 2014 to be $12.7 million per year—an increase of 9.3 percent in mean value from 2013. The range of losses incurred by companies was $1.6 million to $61 million, which was the highest loss in 2014, the research found.
Globally (the study includes the US, United Kingdom, Germany, Australia, Japan, France and Russia), $7.6 million is the average annualized cost in 2014, which is more than a 10 percent increase over a year ago. This year-to-year comparison excludes Russia since this is the first year the country was added to the study.
A total of 257 companies were included in the study. Fifty-nine were from the US. Ponemon conducted a total of more than 2,000 interviews to get the data over 10 months.
The research found that 86 companies absorbed total costs of more than the mean of $7.6 million.
Larger organizations incur higher annualized costs, but based on the number of enterprise seats—a workstation operated by one user—smaller organizations sustain higher costs than their larger peers. Large and small organizations appear to be affected evenly by nine attack types, with malicious code leading the way. Malicious code accounts for 25 percent of cyber crime for large organizations and 22 percent for smaller companies.
As another example, phishing and social engineering are to blame for 15 percent of attacks for small organizations and 11 percent for large ones.
“The differences may seem insignificant but they are very significant in terms of impact on cost,” Ponemon said during the webinar.
Across five years, the industry sectors of energy & utilities, financial services and technology tend to have higher cyber crime costs. Energy organizations absorbed an average cost of $26.5 million in 2014, compared with a five-year average of $20.6 million. Hospitality and healthcare are on the lower end, yet still very expensive. Average cyber crime costs were $6 million in 2014 for those in the healthcare industry.
In 2014, information loss slightly outpaces business interruption as the source of the highest external cost to a breached organization, 40 percent to 38 percent, respectively. A larger gap between these aggregated categories is seen over a 5-year average, with information loss accounting for 42 percent of costs and business interruption at 31 percent.