the growing cost of cyber crime - highlights from the 4th annual ponemon institute survey, 2013...
DESCRIPTION
According to the Ponemon Institute’s 2013 Cost of Cyber Crime study, the average cost to businesses of cyber crime is more than $7M per year—a 30% increase over last year. And the average number of attacks per company grew 20% to 73 successful attacks annually. With the incidence and cost of cyber crime rising sharply, this study of 234 companies in six countries details the types of cyber attacks found to be most common and the losses resulting from each type of attack. There’s good news, though. Companies with robust security governance practices reduced annual losses by $800,000. And those implementing security intelligence systems drove down costs by an average of $2M and achieved 21% ROI on those systems. Understanding the cost of cyber crime and the effectiveness of security countermeasures lets you more effectively plan security measures for your organization and estimate the ROI you might achieve with different security solutions.TRANSCRIPT
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Highlights from the 4th annual Ponemon Institute survey, 2013 Costs of Cyber Crime
Business losses to cyber crime are
still growing every year
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 2
About the Ponemon Cost of Cyber Crime Study 2013
The fourth annual Ponemon Institute Cost of Cyber Crime Study: Global Report, sponsored by HP Enterprise Security, is based on a representative sample of 234 organizations in the following six countries: United States, United Kingdom, Australia, Germany, France and Japan. Separate research reports are available for each country.
Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. In all countries, business disruptions and information loss or theft are the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant in protecting their most sensitive and confidential information.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
“The research is designed to help organizations make the most cost-effective decisions possible in minimizing the greatest risks to their companies.”
Dr. Larry Ponemon, chairman and founder Ponemon Institute
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 4
The threat landscape is evolving rapidly
The costs of cyber crime are high…
The average annualized cost per
company was $7million…
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
…with costs ranging
up to $58million per company
Annualized total cost of cyber crime for 234 participating companies
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 5
…threats are relentlessly increasing…
20% Increase in
cyber attacks in one year
1.4 successful attacks
per company per week
Cyber attacks are now common occurrences. The companies in the study experienced 343 successful attacks per week, or 1.4 successful attacks per company per week, an increase of 20 percent from last year’s study reported, which reported 262 successful attacks on average per week.
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 6
The threat landscape is evolving rapidly
…and taking longer to resolve
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
Average days to resolve attack by attack type
* Resolution does not necessarily mean that the attack has been completely stopped. For example, some attacks remain dormant and undetected (i.e., modern day attacks).
Malicious insider attacks can take 53 days on average to contain*
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 7
Costs from cyber crime attack types vary by geography…
The six nations covered by the Cost of Cyber crime study each see different patterns in their security challenges.
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 8
…but all industries are impacted by cyber crime
Organizations in
Defense
Financial services
Energy and utilities
experience substantially higher cyber crime costs ranging from
$10-16m/year
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 9
Not just large businesses are targeted…
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
$431
$1,388
$-
$200
$400
$600
$800
$1,000
$1,200
$1,400
$1,600
…and for small organizations, the cost per capita is significantly higher than for larger organizations
Annual cost of cyber crime per capita by business size
Larger businesses
Small businesses
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 10
What happened?
“The bad guys are just smarter.
Their attacks are stealthier and
therefore more difficult to detect,
and the attacks last longer. Like a
biological virus in the human body,
they’re very difficult to remove
from the system.”
—Dr. Larry Ponemon “Why cyber crime is costing you so much more”, HP Software Discover Performance
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
How are companies responding to the relentless increase in threats …and what kinds of solutions can help us fight back?
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 12
Fighting back
“People and technologies are coming together, and we’re actually coming up with defense capabilities that didn’t exist before, like the creation of security intelligence technology. SIEM is one example, but there are others—Big Data analytics, for example—that are giving the good guys a tool to understand the problems.”
—Dr. Larry Ponemon
“Why cyber crime is costing you so much more”, HP Software Discover Performance
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 13
There are solutions to reduce the costs of cyber crime
Security intelligence systems—
reduce costs by
almost $2m
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
Cost savings when deploying 7 enabling security technologies
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
What 3 things can you do to insure your security investment will yield the best results?
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
1 Don’t put all your eggs in one basket.
Take a proactive approach to Security spend and learn to validate your Security spending—from the network, to information to application security solutions.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
“Allocate your budget as an interaction between three metrics: prevention, detection, and reducing false positives. Think about optimizing on these three metrics together, not just each individually.” —Dr. Larry Ponemon
“Why cyber crime is costing you so much more”, HP Software Discover Performance
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
2 Use your intelligence.
Implement a Security Information and Event Management (SIEM) solution— realize the substantial cost savings when compared to companies not deploying security intelligence technologies.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
What’s the cost of NOT deploying security intelligence technologies?
Activity cost comparison and the use of security intelligence technologies
Source: Ponemon Institute 2013 Cost of Cyber Crime Study, based on survey of 234 organizations in six countries.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
3 Build it in.
Don’t neglect Application Security. Prepare now for the ever evolving threats to software in the future.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 20
Download the global or your regional report
View one of the on-demand webinars
Watch the video
Or download the infographic of key findings
To learn more about the state of threats and how to protect your organization against them:
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 21
Click here to visit the HP Security Ponemon Study microsite