Cyber-crime cost per organisation has increased by 13 per cent this year to $4.9 million in Australia, according to a study by HP Enterprise Security. Through the study, the company also found that the resolution time of a cyber-attack has increased to 31 days, with the average cost incurred by organisations to be $419,542 within this period.
Results come from the 2015 Cost of Cyber Crime Study, sponsored by HP Enterprise Security and conducted by the Ponemon Institute. The fourth annual study quantified the annual cost of cyber-crime for companies across Australia, the US, the UK, Japan, Germany, Brazil and the Russian Federation.
The study found that not only have incurred costs increased, resolution time of the attack has too. Results showed a 47 per cent increase from last year’s estimated average cost, based upon a 23 day resolution period.
According to the study, the most costly cyber-crimes in Australia continue to be those caused by denial of services, malicious insiders and malicious code, accounting for more than 45 per cent of all cyber-crime costs per organisation on an annual basis.
Business disruption accounted for 38 per cent of total external costs, down two per cent from 2014 and costs associated with revenue loss accounted for 58 per cent of external costs, an increase from 54 per cent last year.
Recovery and detection in Australia was the most costly internal activity, accounting for 48 per cent of the total annual internal activity cost, with productivity and direct labour representing the majority of these costs.
In addition, it highlighted that Australian companies with encryption technologies experience an average cost savings of $1.6 million, while those with security intelligence systems experienced average cost savings of $1.5 million. In addition, companies with expert security personnel saved an average of $1 million.
“As organisations increasingly invest in new technologies like mobile, Cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” HP South-Pacific software enterprise security products general manager, Shane Bellos, said.
“To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritise the security strategies that can make a difference in minimising the impact.”
Ponemon Institute chairman and founder, Dr Larry Ponemon, said, “with cyber attacks growing in both frequency and severity, understanding of the financial impact can help organisations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack.”
“As seen in this year’s study, the return on investment for organisations deploying security intelligence systems, such as SIEM, realised an average annual cost savings of nearly $4 million – showcasing the ability to minimise impact by more efficiently detecting and containing cyber attacks,” he added.