HP partners with Ponemon Institute for sixth annual global study; results identify most costly crimes, support need for shift in security strategy to protect interactions among users, applications and data
HP has unveiled the results from its sixth annual study in partnership with the Ponemon Institute detailing the economic impact of cyber attacks across both the private and public sectors. The findings reveal a dramatic increase in the overall cost of cyber crime, while providing insight into the most costly cyber crimes and the approaches organisations can take to minimise the impact.
Conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the 2015 Cost of Cyber Crime Study quantifies the annual cost of cyber crime for companies across seven countries including Australia, the U.S., U.K., Japan, Germany, Brazil and the Russian Federation.
In the fourth annual study for Australia, researchers found the average annualised cost of cyber crime, incurred by a benchmark sample of 28 Australian organisations, increased by 13 percent to AU $4.9 million since last year. The results also revealed the time it takes to resolve a cyber attack has increased to 31 days, with the average cost incurred by organisations being AU $419,542 during the same period.[1]
“As organisations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” said Shane Bellos, general manager, Enterprise Security Products, HP Software, HP South Pacific. “To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritise the security strategies that can make a difference in minimising the impact.”
As organisations strive to embrace new technologies while protecting their expanded environments, there is a need to shift security strategies from traditional network control and perimeter management to an advanced focus on protecting interactions among users, applications and data. The 2015 Cost of Cyber Crime Study for Australia demonstrates that organisations are now committing 20 percent of their security budget allocation to the application layer[1], up from 16 percent last year.[2]
Key findings from the 2015 Australia Cost of Cyber Crime Study
- Cyber crimes continue to be very costly: The average annualised cost of cyber crime incurred was AU $4.9 million, with a range from AU $792,932 to AU $18 million.[1] The increase in the cost of cyber crime was 13 percent from last year.[2]
- Cyber crime costs vary by organisational size: Results revealed a positive relationship between organisational size (as measured by enterprise seats) and annualised cost. However, based on enterprise seats, results showed that small organisations incurred a significantly higher per capita cost than larger organisations.[3]
- Cyber crimes require more time to resolve: The average time to resolve a cyber attack was 31 days, with an average cost to participating organisations of more than AU $419,542 during this period.[1] This represents a 47 percent increase from last year’s estimated average cost of approximately AU $276,323, which was based upon a 23-day resolution period.[2] Results showed that malicious insider attacks can take an average of approximately 50 days to contain.[1]
- Cyber crimes impact all industries: The cost of cyber crime varied by industry segment, and for most industries has increased slightly since the study was first conducted four years ago. This was especially true for the energy and utilities industry, which saw an increase of AU $2.2 million, and the financial services industry, which saw an increase of AU $3.1 million. In comparison, organisations in the media, consumer products and retail industries appear to have experienced a lower overall cost of cyber crime over the last four years.[1]
To be forewarned is to be forearmed
Understanding the cyber threats that pose the biggest risk and have the most economic impact on organisations can help enterprises better plan their security approach and investments.
- The most costly cyber crimes in Australia continued to be those caused by denial of services, malicious insiders and malicious code. These accounted for more than 45 percent of all cyber crime costs per organisation on an annual basis.[1]
- Business disruption continued to represent the highest external cost in Australia, followed by the costs associated with information loss. On an annual basis, business disruption accounted for 38 percent of total external costs, down 2 percent from last year. Costs associated with information and revenue loss accounted for 58 percent of external costs, an increase from 54 percent last year.[1]
- Recovery and detection in Australia was the most costly internal activity, accounting for 48 percent of the total annual internal activity cost, with productivity and direct labour representing the majority of these costs.[1]
Organisations investing in and using security intelligence technologies and governance practices to address the crimes that proved most costly were more efficient in detecting and containing cyber attacks, thereby reducing costs otherwise incurred.[1]
For example, Australian companies with encryption technologies experienced average cost savings of AU $1.6 million, while those with security intelligence systems experienced average cost savings of AU $1.5 million. In addition, companies with expert security personnel saved an average of AU $1 million.[1]
“With cyber attacks growing in both frequency and severity, understanding of the financial impact can help organisations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” said Dr. Larry Ponemon (@ponemon), chairman and founder, Ponemon Institute (@PonemonPrivacy). “As seen in this year’s study, the return on investment for organisations deploying security intelligence systems, such as SIEM, realised an average annual cost savings of nearly $4 million – showcasing the ability to minimise impact by more efficiently detecting and containing cyber attacks.”
U.S. Leading the Globe in Cyber Crime Costs
Across all seven countries studied, the U.S. sample reported the highest total average cost of cyber crime at $15 million per company, while the Russian Federation sample reported the lowest, at $2.4 million. The Australia sample ranked second lowest out of seven countries, reporting an average cost of cyber crime at $3.47 million.[3]
Additional Information & Webcast Events
Hear more detail on the Cost of Cyber Crime Study’s findings and how actionable security intelligence can help to minimise the impact of cyber crime on a webcast being held Wednesday, October 14 at 12:00 p.m. EDT. For more information on country-specific findings of the Cost of Cyber Crime Study or copies of the full reports, along with an interactive assessment tool, visit www.hp.com/go/Ponemon.
About HP Security
HP enables organisations to take a proactive approach to enterprise security, disrupting the life cycle of an attack through prevention and real-time threat detection. With market-leading products, services and innovative security research, HP Security brings a global network of security operations centres and more than 5,000 IT security experts to help customers strengthen their security posture to minimise risk and incident impact.
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. With the broadest technology portfolio spanning printing, personal systems, software, services and IT infrastructure, HP delivers solutions for customers’ most complex challenges in every region of the world. More information about HP is available at www.hp.com.au.
[1] “2015 Cost of Cyber Crime Study: Australia,” Ponemon Institute, September 2015.
[2] “2014 Cost of Cyber Crime Study: Australia,” Ponemon Institute, October 2014.
[3] “2015 Cost of Cyber Crime Study: Global,” Ponemon Institute, October 2015.