The UK lost $6.3bn in financial year 2015, up from $5.9bn last year and $4.7bn in 2013.
In its annual cyber crime report the highly respected Ponemon institute ranked the UK fourth behind the US, Germany and Japan on cyber crime costs for enterprise businesses as measured by number seats.
The Ponemon Institute global report findings include: The mean annualized cost for 252 benchmarked organizations is $7.7 million per year, with a range from $0.31 million to $65 million. Last year’s mean cost was $7.6 million, or a 1.9 percent net change after adjustment for currency differences/
Results reveal a positive relationship between organizational size (as measured by enterprise seats) and annualized cost.4 However, based on enterprise seats, we determined that small organizations incur a significantly higher per capita cost than larger organizations ($1,388 versus $431).
Activities relating to IT security in the network layer receive the highest budget allocation. In contrast, the host layer receives the lowest funding level.
Deployment of security intelligence systems makes a difference. The cost of cyber crime is moderated by the use of security intelligence systems (including SIEM). Findings suggest companies using security intelligence technologies were more efficient in detecting and containing cyber attacks. As a result, these companies enjoyed an average cost savings of $1.9m when compared to companies not deploying security intelligence technologies.
Detection is the most costly internal activity followed by recovery . On an annualized basis, detection and recovery costs combined account for 53 percent of the total internal activity cost with productivity loss and direct labor representing the majority of these costs.
The most costly cyber crimes are those caused by malicious insiders, denial of services and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, applications security testing solutions and enterprise GRC solutions.
Results show a positive relationship between the time to contain an attack and organizational cost. Please note that resolution does
not necessarily mean that the attack has been completely stopped. For example, some attacks remain dormant and undetected (i.e., modern day attacks). The mean number of days to resolve cyber attacks is 46 with an average cost of $21,155 per day – or a total cost of $973,130 over the 46-day remediation period.
On an annualized basis, business disruption accounts for 39 percent of total external costs, which include costs associated with business process failures and lost employee productivity.
All industries fall victim to cybercrime, but to different degrees. The average annualized cost of cyber crime appears to vary by industry segment, where organizations in financial services and utilities & energy experience substantially higher cyber crime costs than organizations in healthcare, automotive and agriculture. life sciences and healthcare.
Image presents the estimated average cost of cyber crime for country samples involving 252 separate companies, with comparison to last year’s country averages.
The report was produced in partnership with HP.