The Public Eye with Eric Chabrow

Cost of Cybercrime Soaring

Survey: Median Cost of Cybercrime Up 56% in a Year

Cybercrime is expensive. Just ask storage maker EMC, parent of security provider RSA. EMC CFO David Goulden the other day said last month's breach of the system that stores secret codes for RSA's SecurID multifactor authentication tokens cost EMC $66.3 million in the second quarter (see RSA Breach Costs Parent EMC $66.3 Million).

That's well above average, according to a just-released survey by technology provider Hewlett-Packard, conducted by the Ponemon Institute. HP's second annual Cost of Cybercrime Study pegged the median annualized cost of cybercrime incurred by a benchmark sample of organizations at $5.9 million, with a range of $1.5 million to $36.5 million. That median is a 56 percent increase from the median cybercrime cost reported in HP's inaugural study, published in July 2010.

But, as the study shows, taking the proper preventative measures is a money-saver. Organizations that had deployed security information and event management solutions realized a cost savings of nearly 25 percent over those who didn't. That, says Tom Reilly, HP vice president and general manager for enterprise security, "is grounds for optimism in what continues to be a fierce fight against cybercrime."

Still, the survey suggests the battle against cybercrime has gotten much harder in the past year. It takes organizations longer, and costs them more, to resolve cyberattacks. In 2011, the survey shows, the average time to resolve a cyberattack was 18 days, with an average cost to participating organizations of nearly $416,000. That's a nearly 70 percent increase from the estimated $250,000 cost and 14-day resolution period surmised from last year's study.

And it's tougher to solve an insider crime than one perpetrated from the outside. A malicious insider attack can take more than 45 days to contain.

Of course, averages can't be applied to all situations. The RSA breach occurred nearly five months ago, and no one knows - or at least no one is saying - who perpetrated that costly cybercrime, which diminished not only EMC's coffers but RSA's reputation as well.

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
