$7.7 million: Average cost of cybercrime per organization

In their sixth annual global study, HP and Ponemon Institute found that an organization loses $7.7 million on average to cybercrime

Sonal Desai

MUMBAI, INDIA: HP has released results of its sixth annual study that details the economic impact of cyber-attacks across both the private and public sectors.


Conducted by the Ponemon Institute and sponsored by HP Enterprise Security, the 2015 Cost of Cybercrime Study quantifies the annual cost of cybercrime for companies across seven countries, including the US, UK, Japan, Germany, Australia, Brazil and the Russian Federation.

The study demonstrates that organizations are now committing 19 percent of their security budget allocation to the application layer, up from 16 percent last year.

Some key findings include:

• The average annualized cost of cybercrime incurred by Australian and Japanese organizations had increased by 13 percent and 14 percent respectively since last year.


• It took an average of 31 days to resolve a cyber-attack in Australia as compared to 26 days in Japan.

• Cybercrimes continue to be very costly: The average annualized cost of cybercrime incurred in Japan was $6.81 million, compared to $3.47 million in Australia.

• Cybercrime costs vary by organizational size: Results revealed that, based on enterprise seats, small organizations incurred a significantly higher per capita cost than larger organizations.


• Cybercrimes require more time to resolve: The average time to resolve a cyber-attack was 31 days in Australia, compared to 26 days in Japan. This represents an increase of 8 days in Australia and 1 day in Japan over the last year. Results also showed that malicious insider attacks can take an average of 50 days to contain in Australia, compared to 37 days in Japan.

• In both Japan and Australia, the most costly cybercrimes continued to be caused by denial of service and malicious insiders.

• In Australia, business disruption continued to represent the highest external cost, followed by the costs associated with information loss. On an annual basis, business disruption accounted for 38 percent of total external costs.


• In Japan, information theft represented the highest external cost, followed by the costs associated with business disruption. On an annual basis, information theft accounted for 48 percent of total external costs.

• Recovery and detection were the most costly internal activities in both countries. In Australia these activities accounted for 48 percent, and in Japan for 53 percent, of the total annual internal activity cost. In both countries, productivity, cash outlays and direct labor represented the majority of these costs.

So who is leading the pack?

Across all seven countries studied, the US reported the highest total average cost of cybercrime at $15 million per company.


The Russian Federation reported the lowest average cost of cybercrime at $2.4 million. The Japan sample ranked third globally at $6.81 million, while Australia ranked second lowest out of seven countries, reporting an average cost of cybercrime of $3.47 million.

Organizations investing in and using security intelligence technologies and governance practices to address the crimes that proved most costly were more efficient in detecting and containing cyber-attacks, thereby reducing costs otherwise incurred, the report found. The investments bore fruit.


• Deploying a security information and event management (SIEM) solution led to an average cost savings of $1.9 million per year, compared to companies not deploying similar security solutions.

• Employment of certified/expert security personnel can save $1.5 million.

• The appointment of a high-level security leader can reduce costs by $1.3 million.


“As seen in this year’s study, the return on investment for organizations deploying security intelligence systems, such as SIEM, realized an average annual cost savings of nearly $4 million—showcasing the ability to minimize impact by more efficiently detecting and containing cyber-attacks,” said Larry Ponemon, Chairman and Founder, Ponemon Institute.

“With cyber-attacks growing in both frequency and severity, understanding of the financial impact can help organizations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” he said.

“As organizations increasingly invest in new technologies like mobile, cloud, and the Internet of Things (IoT), the attack surface for more sophisticated adversaries continues to expand,” said Jyoti Prakash, Country Director, India and SAARC, HP Enterprise Security Products (ESP).
