Cybercrime Costs Spike Higher: Research
NEW YORK (TheStreet) -- The cost of cybercrime is increasing dramatically for U.S. companies, according to the latest research from the Ponemon Institute on Monday, as firms wrestle with an increasingly aggressive threat landscape.
The Hewlett Packard (HPQ)-sponsored study found that the average cybercrime cost incurred by U.S. firms is $8.9 million per annum, an increase of 6% on 2011 and a hike of 38% from 2010. The research, which surveyed 56 U.S. organizations, also revealed an average of 102 successful attacks per week in 2012, up from 72 in 2011 and 50 per week in 2010.
The Ponemon Institute defines a successful attack as one that infiltrates a company's network or its enterprise IT system. "I think that the attacks are more sophisticated," Larry Ponemon, founder of the Ponemon Institute, told TheStreet. "In some cases, the bad guys are getting smarter."
Ponemon cited denial-of-service (DoS) attacks and malicious code as posing big challenges to businesses, along with the threat of "malicious insiders" within their organizations. The phenomenon of employees hooking their own personal devices to the corporate network (known as Bring-Your-Own-Device, or BYOD) is also creating a security headache, he added.
Nonetheless, the expert warned that cybersecurity awareness could be better, particularly within the C-suite. "The number one issue is creating awareness in the boardroom," he said. "Even after all these stories like Sony, it's clear that most CEOs and boards are not paying attention to this issue until it's too late."
Organizations, both in the corporate realm and in government, have already noted an upswing in cyber attacks. In June, for example, the Department of Homeland Security reported that attacks against U.S. critical infrastructure, such as the power grid, are skyrocketing. The Department's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said that it received 198 security incident reports in 2011, a significant increase from the 41 it received in 2010.
Last month, security guru Eugene Kaspersky, CEO of Kaspersky Lab, warned that hackers could shut down power in most of the world within a matter of decades.
Ponemon, however, said that certain technologies, such as Security Information and Event Manager (SIEM) offerings, can help companies better cope with cyber assaults. "The silver lining is that some organizations seem to do a better job managing the cost of cyber attacks," he said. "It seems that some organizations that use certain types of technology do better than others."
SIEM software offerings are sold by the likes of HP and its arch rival McAfee, now part of Intel (INTC).
HP, which is currently in the throes of a massive 5-year restructuring effort, has been ramping up its efforts around security, grabbing security management and compliance specialist ArcSight for $1.5 billion in 2010, the same year that it clinched a deal for privately-held security software maker Fortify. In 2009 the Palo Alto, Calif.-based firm grabbed network security firm Tipping Point.