Cost of cyber crime ‘rose by 23% in last year’

Cost of cyber crime ‘rose by 23% in last year’ [Image: matejmo via iStock]

The cost of cyber crime around the world has increased by 23 per cent over the last year, now hitting companies for an average of $11.7 million (£8.8 million), according to a new report from consulting firm Accenture and research company the Ponemon Institute.

According to the 2017 Cost of Cyber Crime Study, the average number of security breaches annually reached 130. This was a 27.4 per cent increase from last year and almost double the amount experienced five years ago.

Accenture said this surge follows “a recent string of infamous malware attacks including WannaCry and Petya, which cost several global firms hundreds of millions of dollars in lost revenues”.

The study surveyed 2,182 security and IT professionals from 254 organisations worldwide and found that the number of cyber attacks has not slowed since the Ponemon Institute began the research in 2009.

It found that companies in the financial services and energy sectors have been the worst hit by cyber attacks, with an average annual cost of $18.28 million (£13.67 million) and $17.20 million (£12.86 million) respectively.

Also rising is the time it takes for businesses to resolve these issues. The report revealed that among the most time-consuming incidents are those that involve malicious insiders, which take 50 days on average to mitigate. Meanwhile, ransomware was found to take an average of more than 23 days.

The report found that malware and web-based attacks are the two most costly incidents, with companies spending an average of $2.4 million (£1.8 million) and $2 million (£1.5 million) respectively.

Kelly Bissell, managing director of Accenture Security, said: “As this research shows, making wise investments in innovation can certainly help make a significant difference when cyber criminals strike.

“Keeping pace with these more sophisticated and highly motivated attacks demands that organisations adopt a dynamic, nimble security strategy that builds resilience from the inside out – versus only focusing on the perimeter with an industry-specific approach that protects the entire value chain, end-to-end.”