Cyber-Crime Increasing As Companies Spend More in Prevention

There is continuing concern over the cost and amount of cyber-crime at businesses – especially those located in the United States.

The latest estimate places the worldwide cyber-crime cost at $113 billion. Also, organizations have recently experienced an average of 122 successful attacks per week, compared to 102 attacks a week last year.

“The threat landscape continues to evolve as cyber-attacks grow in sophistication, frequency and financial impact,” Frank Mong, vice president and general manager, Solutions, Enterprise Security Products, Hewlett-Packard (News - Alert), said in a recent statement.

New alarming percentages were found in the study called “Cost of Cyber Crime Study” – which was conducted by Ponemon Institute (News - Alert) and was sponsored by Hewlett-Packard. The study looked at 234 businesses located in Australia, France, Germany, Japan, the United Kingdom and the United States.

"The evidence suggests that things are getting worse instead of better, despite all the resources that companies are spending on cybercrime," Ponemon said in a statement quoted by Information Week. For instance, resolving a cyber-attack now takes 32 days compared to 24 days last year. It was also shown how cleaning up after an attack ended up costing typically $1 million. And the cyber-crime cost experienced in the United States by some 60 businesses under study went from $1.3 million to over $58 million. The average was $11.6 million – which is $2.6 million more than 2012. It was also 78 percent more than four years ago for the sample companies. The most costly areas in addressing cyber-crimes are recovery and detection.In addition, the study showed the highest cyber-crime costs were in the United States (averaging $11.6 million per business) and Germany ($7.6 million). Japan saw $6.7 million in costs and France saw $5.1 million. The United Kingdom saw $4.7 million and Australia saw $3.7 million. It was also found how financial services, defense, energy and utilities saw higher cyber-crime costs than businesses in consumer products, hospitality and retail sectors.

In its commentary on the study, KnowBe4 noted how businesses still “expose themselves to potential class-action lawsuits on behalf of third parties.” There is special concern for small- and medium-sized enterprises (SMEs) to “arm themselves against cyber-attacks before litigation ensues,” according to a statement from the firm. Smaller businesses see higher per-capita cost than larger businesses, the study adds. Another category which should be concerned is businesses which protect users’ personal information, including banks and data brokers. One example is how cyber-thieves stole over 160,000 records from ChoicePoint, a data broker.

One means of protection is Internet security training. "Antivirus software cannot keep up with the sophisticated tactics of professional hackers, and should not be depended upon as a reliable means of defense," Stu Sjouwerman, CEO of KnowBe4, said in a statement. "Internet security training has proven to work by lessening the chances of a successful cyber-attack."

In response to the trends, KnowBe4 worked with security consultant Kevin Mitnick to come up with Kevin Mitnick Security Awareness Training, a security product. A new version of Kevin Mitnick Security Awareness Training program will be offered next year. It was shown how the program addressed the risk of phishing.

Also, the recent study showed that security information and event management (SIEM), network intelligence systems, and big data analytics, can limit threats and lower costs of cyber-crime.