Microsoft Subnet An independent Microsoft community View more

Most costly cybercrime attacks: Denial-of-service, malicious insider and web-based

The Ponemon Institute's 2013 Cost of Cyber Crime Study found that organizations suffer from 122 successful cyberattacks per week.

Among U.S. corporations, $11.56 million is the mean average cost of cybercrime, while for some it can range between $1.3 million and $58 million, according to the fourth annual Cost of Cyber Crime study conducted by the Ponemon Institute. That is up 78% from four years ago and a 26% increase from the average cost reported in 2012.

The 2013 Cost of Cyber Crime study, sponsored by HP Enterprise Security Products, found that organizations experience an average of 122 successful cyberattacks per week; that's 102 more attacks weekly than was reported in 2012. "The types of attacks experienced were: viruses, Trojans, malware, botnets, web-based attacks, denial of service, malicious code, malicious insiders, phishing and stolen devices." The most costly, listed under the "real cost of cyberattacks," were caused by denial-of-service attacks, malicious insider attacks and web-based attacks, which together account for more than 55% of all cybercrime costs annually.

The survey of 60 companies revealed that it takes an average of 32 days to resolve a cyberattack, with a price tag of $32,469 as the average cost per day. $1,035,769 is the average total cost if it takes 32 days to resolve. That's up 55% from last year, but that may be due to it taking 130% longer to resolve a cyberattack than it did a year ago.

The study takes into account both direct and indirect costs, with information theft labeled as the highest external cost and business disruption coming in at a close second. Internally, recovery and detection are responsible for 49% of the costs. Additionally, the study found that, for smaller organizations, cybercrime costs "a significantly higher per-capita cost than larger organizations."

Newsflash: "Cyber expert says hacker attacks are hard to prevent." Wow, seriously for real? In other breaking news, it's said the Pope is Catholic. Or how about this one: "Every country has an army of hackers." The point in mentioning those headlines is that if there are still companies who believe they won't be hacked, when that's a given -- just like all countries having nation-state hackers hoping to steal intellectual property, is it really surprising to have so many different 'cost of cybercrime' studies being reported?

Variations on the 2013 cost of cybercrime are all over the place, and you can be sure most of those studies and white papers are produced by companies hoping to sell you the latest and greatest protection and services. These companies do all put a great deal of effort into coming up with the numbers, but it's nearly impossible to know for sure, and some experts suggest that cybercrime estimates are a bunch of bunk.

Symantec's 2013 Norton Report took a different route, coming up with a $113 billion as the global price tag of consumer cybercrime. For the U.S., $38 billion was the price tag of consumer cybercrime, with $298 as the average cost per victim in the U.S.

When McAfee collaborated with the Center for Strategic and International Studies, the resulting white paper [pdf] for 2013 came up with a rough guess of up to $100 billion annually for the U.S, which was approximately equal to 500,000 jobs. "Data is incomplete but global estimates vary from $300 billion to $1 trillion."

That $1 trillion price tag was repeated by NSA Chief Gen Keith Alexander in 2012. Yes, that is the same Alexander who recently admitted he lied to a Congressional committee about phone surveillance stopping 54 terror plots. "Alexander admitted that only 13 of the 54 cases were connected to the United States. He also told the committee that only one or two suspected plots were identified as a result of bulk phone record collection."

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

To comment on this article and other Network World content, visit our Facebook page or our Twitter stream.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.