Ponemon Institute’s recently released 2015 Cost of Cyber Crime Study: United Kingdom – the fourth such annual study for this country – has determined that the mean annualised cost of cyber crime to large organisations in the UK is now £4.1 million per year, a year-on-year increase of 14%.
It’s important to note that these figures relate to only 39 benchmarked organisations in the UK, each with a minimum of approximately 1,000 “connections to the network and enterprise systems”. However, Ponemon’s methodology examines the incidents in question in considerably more detail than many broader-reaching reports, so the wider lessons that can be drawn from the report are arguably of greater use to other industries.
All Internet-facing organisations are equally at risk of cyber attack, as we know, so everyone can take something from Ponemon’s analysis:
Costs vary by organisational size, industry segment and type of attack.
Small organisations “incur a significantly higher per capita cost than larger organisations (£1,014 versus £232)”; “organisations in financial services, energy and utilities and communications experience substantially higher cyber crime costs than organisations in retail, public sector and education and research”; denial-of-service attacks, malicious insiders and web-based attacks “account for an average of 49% of all cyber crime costs per organisation”.
The longer it takes to resolve a cyber attack, the more costly it is.
The “average time to resolve a cyber attack was 31 days, with an average cost to participating organisations of £358,796”; “malicious insider attacks can take more than about 70 days on average to contain.”
Employing enterprise-wide security practices reduces the cost of cyber crime.
Cyber crime costs are “moderated by the use of security intelligence systems” by an average “of more than £1.3 million”, and companies that employ “certified and expert personnel” will realise an average cost saving of £911,215.