Companies in the financial services and energy sectors are the worst hit
Costly cyber attacks continue to have a significant and growing financial impact on businesses worldwide.
According to new research by Accenture and the Ponemon Institute, in 2017 the average cost of cyber crime globally climbed to $11.7 million per organisation, a 23 percent increase from $9.5 million reported in 2016, and represents a staggering 62 percent increase in the last five years.
In comparison, companies in the United States incurred the highest total average cost at $21.22 million while Germany experienced the most significant increase in total cyber crime costs from $7.84 million to $11.15 million.
This surge follows a recent string of infamous malware attacks including WannaCry and Petya, which cost several global firms hundreds of millions of dollars in lost revenues.
The Cost of Cyber Crime study surveyed 2,182 security and IT professionals in 254 organisations in the US, United Kingdom, Australia, Germany, Japan, France and Italy.
In New Zealand, it is estimated cybercrime cost the economy around $257 million and affect more than 856,000 Kiwis.
The number of cyber attacks has shown no sign of slowing down since the Ponemon Institute began the research in 2009.
The reports notes the imbalance on cybersecurity spending.
Of the nine security technologies evaluated, the highest percentage spend was on advanced perimeter controls, yet companies deploying these security solutions only realised an operational cost savings of $1 million associated with identifying and remediating cyber attacks, suggesting possible inefficiencies in the allocation of resources.
Invest in the ‘brilliant basics’ such as security intelligence and advanced access management and yet recognise the need to innovate to stay ahead of hackers.
Among the most effective categories in reducing losses from cyber crime are security intelligence systems, defined as tools that ingest intelligence from various sources that help companies identify and prioritise internal and external threats.
They delivered substantial cost savings of $2.8 million, higher than all other technology types included in this study. Automation, orchestration and machine learning technologies were only deployed by 28 percent of organisations – the lowest of the technologies surveyed – yet provided the third highest cost savings for security technologies overall at $2.2 million.
The report lists three steps organisations can take to improve their cybersecurity efforts:
Build cybersecurity on a strong foundation: Invest in the ‘brilliant basics’ such as security intelligence and advanced access management and yet recognise the need to innovate to stay ahead of hackers.
Undertake extreme pressure testing: Organisations should not rely on compliance alone
to enhance their security profile but undertake extreme pressure testing to identify vulnerabilities more rigorously than even the most highly motivated attacker.
Invest in breakthrough innovation: Balance spend on new technologies, specifically
analytics and artificial intelligence, to enhance program effectiveness and scale value.
Key findings of the study include the following:
• On average, a company suffers 130 breaches per year, a 27.4 percent increase over 2016 and almost double what it was five years ago. Breaches are defined as core network or enterprise system infiltrations.
• Companies in the financial services and energy sectors are the worst hit, with an average annual cost of $18.28 million and $17.20 million respectively.
• The time to resolve issues is showing similar increases. Among the most time-consuming incidents are those involving malicious insiders, which take on average 50 days to mitigate while ransomware takes an average of more than 23 days.
• Malware and web-based attacks are the two most costly attack types with companies spending an average of $2.4 million and $2 million respectively.
“The costly and devastating consequences businesses are suffering, as a result of cyber crime, highlights the growing importance of strategically planning and closely monitoring security investments. As this research shows, making wise investments in innovation can certainly help make a significant difference when cyber criminals strike,” says Kelly Bissell, managing director of Accenture Security, in a statement.
“Keeping pace with these more sophisticated and highly motivated attacks demands that organisations adopt a dynamic, nimble security strategy that builds resilience from the inside out – versus only focusing on the perimeter – with an industry-specific approach that protects the entire value chain, end-to-end.”
Get the latest on cybersecurity: Sign up for CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.