US firms have a 'bigger bullseye on their back' when it comes to cybercrime, says Ponemon
The average annual cost of cybercrime in the U.S. jumped 20 percent this year, topping $15 million per company, according to an annual study conducted by the Ponemon Institute and sponsored by HP. The costs range from $1.9 million to $65 million annually per company.
In last year's report, the average annual cost of cybercrime was $12.7 million per company. The costs ranged from $1.6 million to as high as $61 million, according to the review of 257 organizations.
In this year's report, the average time it took to resolve a cyberattack was 46 days, with an average cost of more than $1.9 million during this 46-day period. This represents a 22 percent increase from last year's estimated average cost of approximately $1.5 million, which was based upon a 45-day resolution period.
Larry Ponemon, chairman of the Ponemon Institute, told FierceITSecurity that the cost of cybercrime rose the most in the U.S. compared with the six other countries the report tracks: the U.K., Japan, Germany, Australia, Brazil and Russia. He said that U.S. companies appear to have a "bigger bullseye on their back" than companies in other countries.
"Since we began the research, there has been approximately a 220 percent increase in the number of cyberattacks for our sample study," Ponemon said.
Ponemon explained that the most costly cybercrimes are the result of denial of service attacks, malicious insiders and malicious code.
HP attributed the increase in the cost of cybercrime to the dissolving of the security perimeter, itself due to companies' increasing use of cloud and mobile technology. "While organizations are very good at securing their four walls, they don't have a good grasp at how to secure the infrastructure that is out of their hands," Maria Bledsoe, a senior product marketing manager with HP Enterprise Security, told FierceITSecurity.