Source: HP infographic.

HP recently released the findings of their sixth annual study, conducted in partnership with the Ponemon Institute, exploring the financial effects of cyberattacks on both public and private sectors.

The study shows a substantial rise in the total cost of cybercrime, indicating that smaller companies bear a proportionally larger cost than larger ones.

The 2015 Cost of Cyber Crime Study, carried out by the Ponemon Institute and supported by HP Enterprise Security, calculates the yearly cost of cybercrime for businesses across seven countries: the US, UK, Japan, Germany, Australia, Brazil, and Russia.

Researchers discovered that the average annual cost of cybercrime for Australian and Japanese organizations in the study sample increased by 13% and 14%, respectively, compared to the previous year. The study also found that resolving a cyberattack took an average of 31 days in Australia, compared to 26 days in Japan.

“As organizations increasingly adopt new technologies such as mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” stated Matthew Shriner, Director, Enterprise Security Products, Asia Pacific and Japan, and Europe, Middle East, and Africa, HP. “To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritize the security strategies that can make a difference in minimizing the impact.”

Key takeaways from the 2015 Australia and Japan Cost of Cyber Crime Studies:

• Cybercrimes remain expensive: The average yearly cost of cybercrime reached US$6.81 million in Japan, in contrast to US$3.47 million in Australia.
• Cybercrime resolution takes time: Resolving a cyberattack took an average of 31 days in Australia, compared to 26 days in Japan. This shows an increase of eight days in Australia and one day in Japan from the previous year. The study also found that containing malicious insider attacks can take an average of 50 days in Australia, compared to 37 days in Japan.

Organizations can better strategize their security approach and investments by understanding which cyber threats pose the greatest risk and have the most significant financial impact.

• In both Japan and Australia, denial of service and malicious insiders continued to be the costliest cybercrimes.
• In Australia, business disruption remained the most significant external cost, followed by information loss. Business disruption accounted for 38% of total external costs annually.
• In Japan, information theft was the highest external cost, followed by business disruption. Information theft constituted 48% of the total yearly external cost.
• Recovery and detection were the most expensive internal activities in both nations. Australia reported that it made up 48% of the overall yearly internal activity cost, while Japan reported 53%. In both countries, productivity, cash outlays, and direct labor made up the majority of these expenses.

Organizations that invested in and implemented security intelligence technologies and governance practices to address the most expensive crimes were more effective at detecting and containing cyberattacks, minimizing potential losses.

• Implementing a security information and event management (SIEM) solution resulted in average cost savings of US$1.9 million annually, compared to companies that did not implement similar security measures.
• Employing certified/expert security personnel generated savings of US$1.5 million.
• Appointing a high-level security leader can decrease costs by US$1.3 million.

“With cyber attacks growing in both frequency and severity, understanding of the financial impact can help organisations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” stated Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As seen in this year’s study, the return on investment for organisations deploying security intelligence systems, such as SIEM, realised an average annual cost savings of nearly US$4 million – showcasing the ability to minimise impact by more efficiently detecting and containing cyber attacks.”

Out of the seven countries included in the study, the US sample had the highest total average cost of cybercrime at US$15 million per company. The Japan sample ranked third globally at US$6.81 million, while the Australia sample had the second-lowest average cost of cybercrime at US$3.47 million.

Interested?

Learn more about the Cost of Cyber Crime Study findings and how actionable security intelligence can help minimize the impact of cybercrime through a webinar being held Wednesday, October 14 at 12 pm EDT (12 am October 15 Singapore time).

Discover more about the country-specific findings of the Cost of Cyber Crime Study, access copies of the full reports, and explore an interactive assessment tool.

View the associated infographic.

1. 2015 Cost of Cyber Crime Study: Australia, Ponemon Institute, September 2015.
2. 2015 Cost of Cyber Crime Study: Japan, Ponemon Institute, October 2015.
3. 2015 Cost of Cyber Crime Study: Global, Ponemon Institute, October 2015.
4. 2014 Cost of Cyber Crime Study: Australia, Ponemon Institute, October 2014.
5. 2014 Cost of Cyber Crime Study: Japan, Ponemon Institute, October 2014.