Communications and Technology Industry Research

SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community

CHANNEL BY TOPICS


QUICK LINKS




 
Communications and Technology Industry Research
Industry Research Featured Article

July 30, 2010

Cyber Crime Costs an Average $3.8 Million a Year for a Firm


Cyber crime generally refers to criminal activity conducted via the Internet. The most serious among them include stealing an organization's intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country's critical national infrastructure.




ArcSight, a provider of enterprise threat and risk management solutions, and Ponemon Institute, an organization dedicated to advancing responsible information and privacy management practices in business and government, announced the results of their First Annual Cost of Cyber Crime Study that quantifies the economic impact of cyber crime.

The study, sponsored by ArcSight (News - Alert), was independently conducted by the Ponemon Institute and designed to provide awareness around the level of investment and resources needed to prevent or mitigate the devastating consequences of a cyber attack, according to ArcSight officials.

The study, which involved interviews with the data protection and IT security practitioners in 45 U.S. organizations representing a cross section of markets, found that cyber crime is common, intrusive, and can have a significant impact on an organization's bottom line. The study was conducted in early 2010.

During the four-week period of the study, the 45 organizations surveyed in the study experienced 50 successful attacks per week, or more than one successful attack per organization per week.

Based on these observations, the company estimated that every year an organization incurs a median annualized cost of $3.8 million. The costs for the complete benchmark sample ranges from $1 million to nearly $52 million, according to ArcSight officials.

Among the different types of cyber crimes, the most costly crimes are those caused by web attacks, malicious code and malicious insiders – they account for more than 90 percent of all cyber crime costs per organization on an annual basis.

If the issue is not resolved quickly, it will result in huge loss to the organization. In the sample of the study, malicious insider attacks took up to 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.

According to the report, detection and recovery are the most costly internal activities. On an annualized basis, detection and recovery combined account for 46 percent of the total internal activity cost, with labor representing the majority of these costs.

The solution to this issue is to deploy enabling technologies such as SIEM and enterprise threat and risk management or “ETRM” solutions. In the sample, participating companies that had deployed a SIEM system achieved a 24 percent cost savings when dealing with cyber attacks versus those that had not.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” Larry Ponemon, founder and chairman of the Ponemon Institute, said.

According to Ponemon, actions such as the appointment of a chief information security officer or “CISO,” the rollout of an enterprise security strategy, and investments in technologies capable of addressing sophisticated threats and managing complex security events can help companies reduce the financial impact of cyber crime.

“ArcSight has enabled businesses and government institutions to minimize their exposure to cyber threats with our market-leading SIEM product,” Tom Reilly, president and CEO of ArcSight, said.

Cyber threats are constantly evolving and traditional signature-based perimeter security is no longer enough to save organizations from the emerging threats.

“We believe that delivering a comprehensive platform for Enterprise Threat and Risk Management will increase visibility across the enterprise and successfully mitigate exposure to the risks of modern-day cyber crime.”

In June, ArcSight announced it has joined the Cisco (News - Alert) Developer Network as a Registered Developer within the network security technology category.


Rajani Baburajan is a contributing editor for TMCnet. To read more of Rajani's articles, please visit her columnist page.

Edited by Juliana Kenny





Reports
Reports






Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

STAY CURRENT YOUR WAY

© 2023 Technology Marketing Corporation. All rights reserved | Privacy Policy