A guest post by
Dr. Larry Ponemon
Chairman and Founder of the Ponemon Institute
We just completed our fifth annual Cost of Cyber Crime study sponsored by HP Security. We surveyed 257 companies in seven countries to find out how much cyber crime costs them. Like most research we do, some of the findings are predictable, while others, if not unexpected, are at least less obvious.
For example, the headlines suggest the cost of cyber attacks is rising. And our research confirmed it is—up to $12.7 million annually per company in the U.S. And as cyber criminals become more skilled at hiding their attacks, the time to resolve incidents increased to 45 days, up from 32 days just last year. That’s a 41 percent increase and accounts for much of the increased cost.
But when you read past the executive summary of our reports, you discover some data the headlines miss—and some nuggets you can use to actually make your business safer. For example, it’s obvious that cyber crime costs larger companies more than smaller ones, but the cost per capita, based on the number of employees who have access to the Internet, is almost three times greater in smaller businesses according to the U.S. results. And while attacks in the retail sector are most visible to the public, retail is actually near the middle of all industries. Average annual losses per surveyed retail company are $8.6 million compared to $26.5 million for energy and utilities companies. Consistent with the headlines, though, the increase in losses to retail companies over last year was more than 100 percent, the highest among all industries.
One of the most useful aspects of our research results, however, explores what security measures respondents have invested in and which are found to be most effective in reducing losses. The most widely deployed security technologies are advanced perimeter controls and firewalls, with 61 percent of U.S. respondents claiming full deployment, and encryption technologies with 53 percent claiming extensive deployment. Security intelligence solutions such as security information and event management (SIEM), intrusion prevention systems (IPS) with reputation feeds, network intelligence systems, and big data analytics are deployed in 49 percent of respondents.
When we drill down into which are most effective in reducing losses, however, we find that security intelligence solutions are driving down average annual losses by $5.3 million in U.S. companies, whereas advanced perimeter controls and firewalls reduce losses by $2.1 million and encryption technologies by $1.3 million.
What does it mean? Well, it doesn’t mean you should throw out your firewalls. I think the data suggest that rather than focusing solely on technologies to keep attackers out, businesses must also invest in prevention and detection, balancing security investments across the attack lifecycle.
Don’t just react to the headlines, check out all the regional details that will be presented in our upcoming live webinar series. You may find other information that’s less obvious but more critical to your company’s safety.
Register now to attend the live events and get a chance to ask your questions on the cost of cyber crime.
Original Article: http://h30499.www3.hp.com/t5/HP-Security-Products-Blog/What-is-the-cost-of-cyber-crime-Looking-past-the-headlines/ba-p/6636506#.VDcUQ2LF98E
20 Eye-Opening Cybercrime Statistics November 14, 2016 | By Bill Laberis iStock Share 20 Eye-Opening…
Study Shows 67% of Employees Expose Sensitive Data Outside the Workplace Posted by on November…