That's well above average, according to a just-released survey by technology provider Hewlett-Packard, conducted by the Ponemon Institute. HP's second annual Cost of Cybercrime Study pegged the median annualized cost of cybercrime incurred by a benchmark sample of organizations at $5.9 million. The survey revealed a range of $1.5 million to $36.5 million, a 56 percent increase from the median cybercrime cost reported in HP's inaugural study published in July 2010.
But, as the study shows, taking the proper preventative measures is a money-saver. Organizations that had deployed security information and event management solutions realized a cost savings of nearly 25 percent over those who didn't. That, says Tom Reilly, HP vice president and general manager for enterprise security, "is grounds for optimism in what continues to be a fierce fight against cybercrime."
The battle against cybercrime has gotten much harder in the past year. It takes organizations longer, and costs them more, to resolve cyberattacks.
Still, the survey suggests the battle against cybercrime has gotten much harder in the past year. It takes organizations longer, and costs them more, to resolve cyberattacks. In 2011, the survey shows, the average time to resolve a cyberattack took 18 days, with an average cost to participating organizations of nearly $416,000. That's a nearly 70 percent increase from the estimated $250,000 cost and a 14-day resolution period surmised from last year's study.
And, it's tougher to solve an insider crime than one perpectuated from the outside. A malicious insider attack can take more than 45 days to contain.
Of course, averages can't be applied to all situations. The RSA breached occurred nearly five months ago, and no one knows - or at least no one is saying - who perpetrated that costly cybercrime that not only diminished EMC's coffers but RSA's reputation as well.