Research shows cyber crime costs the same for cloud and non-cloud enterprises

If it seems like there’s been a lot more news lately about malicious insider attacks, viruses, denial-of-service and other cyber threats and liabilities, your perceptions are spot on.  Cyber crimes have been escalating at an alarming rate, up 44 percent over last year costing individual companies up to $36.5 million annually. These statistics are according The Second Annual Cost of Cyber Crime Study, new research published Sept 12, 2011, by Ponemon Institute, sponsored by ArcSight, an HP company. 

 

The research is jam-packed with useful information about cyber crime cost and what technologies are best at helping  bring down the risk and the cost.  But the statistic I found most interesting is this:  “Cyber crime costs are not influenced by companies’ use of public or hybrid cloud computing resources.”  Yes, you read that right.  I know because I went back and reread this section a second time. 

 

 

Ponemon cyber crime large.jpg

 

According to the researchers, they found that companies who are “significant” users of public or hybrid cloud (including software, infrastructure and platform services) did not have statistically higher cyber crime costs than companies who have not yet ventured into cloud technologies.  Does this mean that the perceived notion that cloud computing is more susceptible to cyber crime is just another urban myth?  Read the research and let me know what you think.

 

 

 

Other study findings about the harsh reality of rising cyber crime include: 

 

  • Companies participating in the study averaged 72 attacks per week.
  • Malicious code, denial of service, stolen or hijacked devices and malicious insiders are the culprits for the most costly cyber crimes, accounting for more than 90 percent of all cyber crime costs per organization on an annual basis.
  • The longer it takes the IT department to resolve the attacks, the more costly they are.  The study found a positive relationship between the time to contain an attack and organizational cost.
  • The average time to contain a cyber attack is 18 days, up from 14 days last year.  This year’s average cost to resolve for participating organizations is $415,748, a 67 percent increase from last year’s estimated average cost of $247,744.
  • Malicious insider attacks can take more than 45 days on average to resolve.

 

 

SIEM and GRC practices help business prepare

 

security man.jpgThat’s the bad news. The good news: The study found that although all industries and all size companies are subject to cyber crime, there are a number of steps organizations can take to protect their business. Specifically, the research showed that those companies with a comprehensive end-to-end security strategy and programs were more successful at mitigating cyber crime faster and at less expense.

 

Companies using enabling technologies such as Security Information and Event Management (SIEM) are spending less on average fighting cyber crime with a percentage cost difference between SIEM and non-SIEM companies of 24 percent the study suggests. In addition, the research found that companies using SIEM were better able to quickly detect and contain cyber crimes, especially those involved malicious code, denial of services, stolen devices and malicious insider attacks. As a result, SIEM companies had a significantly lower cost of recovery, detection and containment than non-SIEM companies.

 

The research further finds that companies with governance, risk management and compliances (GRC) practices had a lower cost of cyber crime than those lacking GRC procedures.

 

The Second Annual cost of Cyber Crime Study and a wealth of other information are part of a package of announcements from HP around its expanded Enterprise Security Solutions portfolio, designed to help enterprises establish and execute a comprehensive security strategy that addresses threats and potential liabilities resulting from the staggering increase in cyber crime.  The press kit is especially useful outlining the myriad of services, solutions, research, videos, fact sheets and other information available on HP Enterprise Security Solutions.

 

Related links:

News Release: HP Unveils Expanded Enterprise Security Solutions for the Instant-On Enterprise

News Advisory:  Research Reveals Comprehensive Enterprise Risk Management is Critical

Press Kit: HP Unveils Expanded Enterpise Security Solutions

Ponemon Institute Research Study:  Second Annual Cost of Cyber Crime Study

 

Comments
Nadhan | ‎09-15-2011 07:49 AM

Judy, Your point about the cost of cyber crime being agnostic to the degree of cloud presence within enterprises is very well taken.  Another dimension to this is the size of the enterprise.  Small and Medium Businesses are likely to incur a significant impact due to cyber crime as I outline in this post on Top 5 Reasons why Security best practices are even more vital to SMBs than Large Businesses.

JudyRedman | ‎09-15-2011 08:35 AM

Thanks for your comment.  I urge IT security people in all industries within businesses of all sizes to read the full research study.  While some industries are experiencing slightly less cyber crime, firms of all sizes and all types are vulnerable and getting more vulnerable every day.

JR

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Judy Redman has been writing about all areas of technology for more than 20 years.
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.