Cyber-criminals who hack, phish, and worm their way into corporate data files cost the average American enterprise $15 million in the past year, an alarming 19% increase from $12.7 million in 2014, according to the just-released “2015 Cost of Cyber Crime Study.” US-based companies, meanwhile, led their foreign competition by several lengths on the victims list.
The cost of cyber-crime in the next most besieged country, Germany, was less than half that of the US at $7.5 million. Japanese and British companies averaged more than $6 million, and Brazilian companies nearly $4 million.
The Ponemon Institute study, sponsored by Hewlett Packard, drew on more than 2,000 interviews with executives from 252 global corporations. Only companies with 1,000-plus employees were consulted, and the study did not include businesses hit hard by hucksters last year, such as Anthem Blue Cross and Blue Shield or United Airlines. Ponemon defines cyber-crime as criminal activity conducted via the Internet.
Cyber-crime took a bigger toll, the study found, on companies in financial services, energy and utilities, and defense and aerospace. Industries least affected include consumer products and hospitality.
The most costly incidents were caused by denial of service, malicious insiders, and malicious code, which accounted for half of the losses. But no matter the cause, the longer it takes a company to contain an attack, the higher the bill. The average time to resolve a cyber attack was 46 days, and the average cost to an organization during that period was $1,988,554. That contrasts markedly with a cost of $1,593,627 over an average 45-day resolution period last year.
Loss of data, interestingly, is more costly than loss of operational hours. Information theft accounted for 42% of external costs compared to 36% attributed to business disruption.