HP Finds 56 Percent Rise in Cost of Cybercrime

Despite widespread awareness, cyberattacks are becoming increasingly common.

As remarkable as it sounds, a new study from HP and the Ponemon Institute found that over a four-week period, the organizations surveyed experienced 72 successful attacks per week, an increase of nearly 45 percent from last year. (Note: More than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.)

Of course, the financial impact of a cyberattack can be devastating. The Second Annual Cost of Cyber Crime Study also revealed that the median annualized cost of cybercrime incurred by a benchmark sample of organizations was $5.9 million per year, with a range of $1.5 million to $36.5 million each year per organization. This represents an increase of 56 percent from the median cost reported in the inaugural study published in July 2010. (Note: More than 90 percent of all cybercrime costs were caused by malicious code, denial of service, stolen devices and web-based attacks.)

Interestingly, the study looked deeper into the economic costs of cybercrime and found that:

Cyberattacks are costly, especially if they're not resolved quickly. The average time to resolve a cyberattack is 18 days, with an average cost to participating organizations of nearly $416,000. This represents a nearly 70 percent increase from the estimated cost of $250,000 over a 14-day resolution period in last year's study. Results also showed that malicious insider attacks can take more than 45 days to contain.


Advanced security intelligence and risk management solutions can mitigate the cost of cyberattacks. Organizations that had deployed security information and event management (SIEM) solutions realized a cost savings of nearly 25 percent, resulting from the enhanced ability to quickly detect and contain cybercrimes. As a result, these organizations experienced a substantially lower cost of recovery, detection and containment than organizations that had not deployed SIEM solutions.

Mitigating risk boils down to leveraging security and implementing strict risk management technologies, Tom Reilly, vice president and general manager, Enterprise Security, HP, said.

"Instances of cybercrime have continued to increase in both frequency and sophistication, with the potential impact to an organization's financial health becoming more substantial," he concluded in a press release. "Organizations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cybercrime."