Accenture and the Ponemon Institute conducted a new study titled, “The Cost of Cybercrime” that indicated cyber crime incidents cost an organization $11.7 million per year on an average. The study had 2,182 security and IT professionals across 254 organizations participating.
“Over the last two years, the accelerating cost of cyber crime means that it is now 23 percent more than last year and is costing organizations, on average, US$11.7 million,” the report said. The cost has increased by 23% since 2016 and 62% over the past five years.
Researchers concluded that on an average, each company experiences 130 breaches per year. The number has risen by more than 27 percent since last year.
The study focused on four major impacts of cybercrime: information or data loss, revenue loss, equipment damage, and business disruption. According to the report, 43 percent of respondents said that information loss is most damaging. “It is this threat landscape that demands organizations reexamine their investment priorities to keep pace with these more sophisticated and highly motivated attacks,” the report said.
The most expensive cyber attacks are malware infections which cost global businesses $2.4 million per incident, followed by Web-based attacks, which cost $2 million per incident globally. The hardest hit sectors this year include financial services and energy with average annual costs of $18.28 million and $17.20 million, respectively.
Australia reports the lowest total average cost from a cyber attack at $5.41 million, while the United Kingdom had the lowest change over the last year from $7.21 million to $8.74 million. Japan experienced a 22 percent increase in costs to $10.45 million – the third highest increase of the countries in the survey.
The report suggested following three steps the organizations can take to improve the effectiveness of their cybersecurity efforts to fend off and reduce the impact of cyber crime:
- Build cybersecurity on a strong foundation: invest in the ‘brilliant basics’ such as security intelligence and advanced access management and yet recognize the need to innovate to stay ahead of hackers.
- Undertake extreme pressure testing: Organizations should not rely on compliance alone to enhance their security profile but undertake extreme pressure testing to identify vulnerabilities more rigorously than even the most highly motivated attacker.
- Invest in breakthrough innovation: Balance spend on new technologies, specifically analytics and artificial intelligence, to enhance program effectiveness and scale value.
