Enterprising Developments

Cost of Cyber Crime Keeps Soaring: How Worried Should We Be?

Joe McKendrick
Insurance Experts' Forum, February 9, 2011

A few months back, the Ponemon Institute released calculations of the cost of enterprise security breaches, and they aren't cheap.

Researchers determined that the median annualized cost of cyber crime of 45 organizations studied is $3.8 million per year. The range was $1 million to $52 million per year per company.

The report, initially released last summer and made available by its sponsor, ArcSight (recently acquired by HP), is worth resurfacing because it actually puts a number value on the financial costs of information security breaches. Often, companies are reluctant to put out too much money for information security efforts. Ponemon reports that cyber attacks have become common occurrences.

“The companies in our study experienced 50 successful attacks per week and more than one successful attack per company per week,” the report states.

The most costly cyber crimes are those caused by Web attacks, malicious code and malicious insiders, which account for more than 90% of all cyber crime costs per organization on an annual basis.

Even more eye opening is the length of time it takes to deal with security incidents. Speed seems to matter. A great deal of the costs appear to be related to how quickly companies can respond to and resolve attacks. On average, Ponemon found, companies expend $247,757 every 14 days or $17,696 per day per attack. The average amount of time to resolve a malicious code attack is 39 days; 30 days to deal with malicious insiders, and 19 days to resolve a Web attack.

But here's the rub: Whether it's within a month or less, these incidents are only resolved if managers and administrators are aware if the breach is taking place. There may be many instances where breaches could go on for months and even years with no knowledge of what's going on. What can help spot discrepancies? Auditing, for one—while it won't prevent breaches, it may help stop ongoing data leaks. In my own survey work in this area, there is still precious little auditing taking place.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Driving Growth Through Distribution Management

In the current hyper-competitive marketplace, many carriers are focusing on improving their distribution practices as a key technique for driving growth.

Google and Insurance: One Year Later

Google is getting the approval for selling insurance on their compare site in a large number of states via a number of different insurance partners.

How IT Managers Can Get Close to Policyholders

Four steps CIOs need to take to lead insurance organizations to greater “customer obsession.”

Strategic Initiatives for 2015: Making Sense of the Shifts

Insurers must choose between embracing innovation or just continuing with business as usual and run the risk of becoming a casualty in the new competitive battle.

To Stay in the Game, Insurers Must Aggressively Embrace New Consumer Technologies

Emerging technologies displayed at the CES could be some of the greatest change agents since the introduction of the Internet, offering breakthroughs that could challenge many businesses.

Marketing: The Insurer’s Shadow IT Department

Marketing executives continue their march into the insurance data center.