Security and Compliance: Violations and Lack of Confidence Are Widespread
If you need a reason to throw more of an effort into cybersecurity, here it is: The cost of cyber crime has gotten more expensive.
According to a new study sponsored by HP and conducted by the Ponemon Institute, the occurrence of cyber attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 percent.
The bulk of the cyber crime is caused by malicious code, denial of service, stolen or hijacked devices, and malevolent insiders, accounting for 78 percent of cyber crime for organizations. And perhaps not surprisingly, the longer it takes to resolve the attack, the more it will cost. According to the “2012 Cost of Cyber Crime” report, the average time to resolve a cyber attack is 24 days, but it can take up to 50 days according to this year’s study. The average cost incurred during this 24-day period was $591,780, representing a 42 percent increase over last year’s estimated average cost of $415,748 during an 18-day average resolution period.
It isn’t just businesses and organizations that are feeling the cost of cyber crime. The “Norton Crime Report,” released last month, focused on the consumer costs of cyber crime. The study found that more than 71 million people fell victim to cyber crime over the past year, with $20.7 billion in direct financial losses. And if you look at the blurred lines between your employees as workers and as consumers, these attacks are going to have a far-reaching effect.
And yet, there are still companies that don’t take cybersecurity seriously, thinking that it can be tossed to someone on the IT staff. But while there are some measures that IT can take, most are not trained in security beyond basic practices. There is an old saying that if you want to make money, you have to spend money. In this case, it you want to save money, you have to spend the extra dollars to protect yourself from the cost of an attack.
The HP study showed that. As eWeek pointed out:
The study also found that companies focused on security intelligence — focusing on detecting attacks early — reduced the costs of cybercrime the greatest, nearly $1.7 million on average. Technologies such as security information and event management (SIEM) and intrusion prevention systems were included in the category. Companies with access governance tools and systems required by compliance saved $1.6 million and $1.5 million, respectively. The savings were not additive, said Ponemon.
As Michael Callahan, vice president, Worldwide Product and Solution Marketing, Enterprise Security Products, HP, said in a release:
There is clear evidence to show that the deployment of advanced security intelligence solutions helps to substantially reduce the cost, frequency and impact of these attacks.
For anyone on the fence about improving security efforts, this might be the best argument for why cybersecurity has to be given a higher priority.
