Cyber crime costs average $4.9m: Ponemon Institute
- 15 October, 2015 12:09
The average economic impact of cyber crime on Australian organisations increased from $4.2 million last year to $4.9 million according to the Ponemon Institute’s 2015 Cost of Cyber Crime Study.
The study, which was sponsored by HP Enterprise Security, examined the costs incurred by 28 Australian organisations who were victims of cyber crime. Costs ranged from $792,932 up to $18 million.
Business disruption continued to represent the highest external cost in Australia, followed by the costs associated with information loss. On an annual basis, business disruption accounted for 38 per cent of total external costs, down 2 per cent from last year. Costs associated with information and revenue loss accounted for 58 per cent of external costs, an increase from 54 per cent in 2014.
The average time it took to resolve a cyber attack increased from 23 days last year to 31 days, with the average cost incurred by organisations now $419,542.
Malicious insider attacks could take up to 50 days to contain, the report said.
The most costly cyber crimes were those caused by malicious insiders, distributed denial of service (DDoS) attacks and malicious code. These attacks accounted for more than 45 per cent of all cyber crime costs per organisation on an annual basis.
The study also found that organisations are now committing 20 per cent of their security budget allocation to the application layer, up from 16 per cent in 2014.
Commenting on the report, HP Software enterprise security products general manager Shane Bellos said that as organisations invest in mobile, cloud and the Internet of Things (IoT), the attack surface for more sophisticated adversaries continues to expand.
“To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritise the security strategies that can make a difference in minimising the impact,” he said.
According to the Ponemon Institute’s 2014 Cost of Data Breach Global Analysis, the average cost of a data breach per Australian organisation was over $2.5 million per year.