Malware, ransomware and malicious insiders: Cost of cyber crime revealed
Organisations are spending 22.7 per cent more on cyber security this year than they did last year, according to the 2017 Cost of Cyber Crime Study from the Ponemon Institute and Accenture.
Cyber crime now costs businesses an average of $11.7 million (£8.8 million), up from $9.5 million the previous year. However, not all industries suffer the same level of financial loss, with this figure rising to an average of more than $17 million for businesses in the financial services and energy and utilities sectors.
The UK experienced a rise of 21.2 per cent in cyber crime costs between 2016 and 2017. This was the smallest change of all nations evaluated, with Germany recording the highest, a 42.4 per cent increase.
In the UK, malware is the most common form of cyber threat, making up 18 per cent of all attacks. Web-based attacks are the second most common form (17 per cent), while denial-of-service attacks are the third most prevalent (15 per cent).
Meanwhile, according to the research, the number of successful breaches a year per company has risen by more than 27 per cent in the last year, from an average of 102 to 130, with ransomware attacks alone having doubled in frequency. These attacks rose from 13 per cent to 27 per cent, with incidents like WannaCry and Petya affecting thousands of targets and disrupting public services and large corporations across the world, including the UK’s NHS.
Cyber criminals have also been found to be evolving new business models, such as ransomware as a service, which means that attackers are finding it easier to scale cyber crime globally.
Among the organisations studied for the report, information loss comprised the largest cyber crime cost component, with a rise from 35 per cent in 2015 to 43 per cent in 2017. The report authors said it is “this threat landscape that demands organisations re-examine their investment priorities to keep pace with these more sophisticated and highly motivated attacks”.
The report found that spending on governance, risk and compliance (GRC) technologies is not a guaranteed fast track to better security. It revealed that enterprise-wide deployment of GRC technology and automated policy management showed the lowest effectiveness in reducing cyber crime costs (nine per cent and seven per cent respectively) out of nine enabling security technologies.
According to the report, although compliance technology remains important, organisations should ensure they are spending at an appropriate level to achieve the required capability and effectiveness, which then enables them to “free up funds for breakthrough innovations”.
It takes businesses an average of 50 days to resolve a malicious insider attack, while it takes 23 days to resolve a ransomware attack.