Cost of cyber attacks increases by 10.4% in 2014

Ponemon Institute, an organization that conducts independent research on privacy, data protection and information security policy, released a report entitled “2014 Global Report on the Cost of Cyber Crime”, sponsored by HP Enterprise Security. The data in the report is based on a representative sample of 257 organizations operating in various industries and sectors in seven countries, namely the United States, the United Kingdom, Germany, Australia, Japan, France and, for the first time, the Russian Federation.

According to the report, the U.S. is ranked as the country that has the highest total average cost of cyber crime at $US12.7 million in 2014 and Russia has the lowest total average cost at $US3.3 million. The sample from Germany ranked second with a total average cost of $US8.13 million, in front of Japan with $US6.91 million, France $US6.38 million, the UK $US5.93 million and Australia at $US3.99 million.

The report reveals that all six countries experienced a net increase in the cost of cyber crime over the past year. The net percentage change between 2013 and 2014 (excluding Russia) was 10.4%.

Significant findings from the report 

According to the report, industries fall victim to cyber crime to differing degrees, with the average annual cost of cyber crime varying according to the industry in which a company is active. Organisations in energy and utilities and in financial services experience substantially higher costs of cyber crime than organisations operating in media, life sciences and healthcare. The most costly cyber crimes are those caused by malicious insiders, denial of service and web-based attacks, which together account for more than 55 percent of all cyber crime costs per organization on an annual basis.

The report also recommends enabling technologies such as SIEM, intrusion prevention systems and application security testing solutions in order to mitigate these kinds of attacks.

Finally, the report underlines that unless a cyber attack is resolved quickly, it can become much more costly. Results show a positive relationship between the time it takes to contain an attack and the organisational cost. The average time it took to contain a cyber attack was 31 days, with an average cost for relevant organizations of $639,462 during this 31-day period. This represents a 23% increase from last year’s estimated average cost of $509,665, which was based on a 27-day remediation period.

Types of attacks experienced by 30 Australian organisations surveyed.