Large scale global study provides a snapshot of the business impacts of cyber attacks

Published: Monday, 11 March 2019 09:13

The cost to companies from malware and ‘malicious insider’ related cyber attacks jumped 12 percent in 2018 and accounted for one-third of all cyber attack costs, according to new research published by Accenture and the Ponemon Institute.

Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organizations worldwide, Accenture’s 2019  ‘Cost of Cybercrime Study’ found that the cost to companies due to malware increased 11 percent, to more than US$2.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners - jumped 15 percent, to US$1.6 million per organization, on average.

Together these two types of cyber attacks accounted for one-third of the total US$13.0 million cost to companies, on average, from cyber crime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organization, on average.

The study calculated cyber crime costs as what an organization spends to discover, investigate, contain and recover from cyber attacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident response activities designed to prevent similar attacks - and efforts to reduce business disruption and the loss of customers.

Other notable findings of the study include:

Companies in the United States experienced the greatest increase in costs due to cyber crime in 2018, at 29 percent, with a cost of US$27.4 million per company, on average - at least double that of companies in any other country surveyed. Japan was the next highest, at US$13.6 million, followed by Germany, at US$13.1 million, and the UK, at US$11.5 million. The countries with the lowest total average costs per company were Brazil and Australia, at US$7.2 million and US$6.8 million, respectively.

“From people to data to technologies, every aspect of a business invites risk and too often security teams are not closely involved with securing new innovations,” said Kelly Bissell, senior managing director of Accenture Security. “This siloed approach is bad for business and can result in poor accountability across the organization, as well as a sense that security isn’t everyone’s responsibility. Our study makes it clear that it’s time for a more holistic, proactive and preventative approach to cyber risk management involving full business engagement across the entire ecosystem of partners.”

More details.