Cyber attacks on the rise and more costly, study says
The median cost of cyber crimes rose to $5.9 million, up from $3.8 million in 2010, while the number of attacks rose by 44% with at one successful attack on each of the companies in the study each week, according to a study released Tuesday by the Ponemon Institute, a research group that studies Internet security. Costs to targets include spending on security experts and investigations, loss of productivity, system software upgrades and the value of stolen intellectual property.
"The fact that costs have increased so substantially suggests that cyber crime issues are getting worse," said Larry Ponemon, chairman of the institute.
The study found the most expensive cyber crimes to be denial of service, Web-based attacks, malicious code and malicious insiders. The study found attacks are taking longer to resolve on average, 18 days, up from 14 last year, and are costing more as well, more than $415,000 per attack, up from more than $247,000 in 2010.
"The bad guys are getting stealthier, and their attacks are getting harder to detect," Ponemon said.
The study, which looked at 50 large companies in the U.S., is conducted each year to gauge the economic cost of cyber attacks.
"We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack," the study said.
Cyber attacks have been occurring at a record pace in 2011 with the likes of the FBI, the CIA, NATO, News Corp. and Citigroup among their victims. The study found three companies that spent more than $29 million to resolve cyber attacks, and a large attack on Sony earlier this year is expected to cost the company more than $170 million. Last month, the institute reported that cyber crimes in the first half of this year cost U.S. companies nearly as much as they did in all of 2010.
-- Salvador Rodriguez
Image: A study by the Ponemon Institute found the industries most affected by cyber crimes are the defense, utilities and energy, and the financial services industries. Credit: Ponemon Institute