Cybercrime Costs $3.8 Million Per year to Organizations

According to a study conducted by the Ponemon Institute on July 27, 2010, malware, insider threats and Web attacks can cost organizations Millions of dollars loss each year. The survey of 45 US organizations, backed by Arcsight (A security and compliance solutions provider), found that on an average, cybercrimes costs organizations around $3.8 Million per year.

The study was conducted among organizations with 500 or more seats and was carried out during a 5 month period ended on June 23, 2010. Its findings include: it took around 14 days to resolve a cyber attack, with an average cost of $17,696 per day. Further, the report found that malicious insider attacks could take around 42 days or more to resolve.

Commenting on the issue, Larry Ponemon, Chairman of the Ponemon Institute, stated that the reason why some attacks varied in cost was the comparative difficulty in finding the attack (stealth) and ensuring that it was properly fixed, as reported by the eWEEK on July 26, 2010.

For example, malicious code issues were difficult to detect and resolve as compared to the malware and botnets. Thus, more resources were spent in fixing software versus eradicating a virus with an identified signature, Larry Ponemon added.

Ponemon also found that malicious code, Web-borne attacks and malicious insiders were the most expensive types of web attacks that made up more than 90% of all cybercrime costs per organization per year. A Web-based attack costs $143,209; malicious code, $124,083; and malicious insiders, $100,300.

Ponemon said the close examination of actual attacks revealed that they were most frequently recognized as worms, viruses and Trojans, but in terms of individual attacks, a SQL injection was more expensive on the basis of attack by attack.

Botnets accounted for only 8% of the total attacks, with an average price of around $1,627. But that number could be conservative, given some of the unknowns about the sources of the attacks.

The security firm has suggested that strong leadership and efficient governance can cut down the cybercrime expenses. Ponemon noted that known governance practices in the security firm's white paper referred to three activities: appointment of one senior level leader with overall responsibility for security, execution of a strategic plan for security, data protection and privacy-related issues, and adherence to a rigorous objective standard such as ISO, NIST or others.

Related article: Cheburgen.a: A New Email Worm

» SPAMfighter News - 8/5/2010