Malware infections globally are the most
expensive cyber attacks – costing $2.4 million per incident
Please replace the release with the following corrected version
due to multiple revisions.
This Smart News Release features multimedia.
View the full release here:
http://www.businesswire.com/news/home/20170926005683/en/
Accenture and Ponemon, "2017 Cost of
Cyber Crime Study" (Graphic: Business Wire)
The corrected release reads:
ACCENTURE AND PONEMON INSTITUTE REPORT:
CYBER CRIME DRAINS $11.7 MILLION PER BUSINESS ANNUALLY, UP 62
PERCENT IN FIVE YEARS
Malware infections globally are the most
expensive cyber attacks – costing $2.4 million per incident
Costly cyber attacks are having a significant and growing
financial impact on businesses worldwide. According to new research
published today by Accenture (NYSE: ACN) and the Ponemon Institute,
in 2017 the average cost of cyber crime globally climbed to $11.7
million per organization, a 23 percent increase from $9.5 million
reported in 2016, and represents a staggering 62 percent increase
in the last five years. In comparison, companies in the United
States incurred the highest total average cost at $21.22 million
while Germany experienced the most significant increase in total
cyber crime costs from $7.84 million to $11.15 million. This surge
follows a recent string of infamous malware attacks including
WannaCry and Petya, which cost several global firms hundreds of
millions of dollars in lost revenues.
The "Cost of Cyber Crime Study" surveyed 2,182 security and IT
professionals in 254 organizations worldwide and found that the
number of cyber attacks has shown no sign of slowing down since the
Ponemon Institute began the research in 2009. Key findings of the
study include the following:
- On average, a company suffers 130
breaches per year, a 27.4 percent increase over 2016 and almost
double what it was five years ago. Breaches are defined as core
network or enterprise system infiltrations.
- Companies in the financial services and
energy sectors are the worst hit, with an average annual cost of
$18.28 million and $17.20 million respectively.
- The time to resolve issues is showing
similar increases. Among the most time-consuming incidents are
those involving malicious insiders, which take on average 50 days
to mitigate while ransomware takes an average of more than 23
days.
- Malware and Web-based attacks are the
two most costly attack types with companies spending an average of
$2.4 million and $2 million respectively.
“The costly and devastating consequences businesses are
suffering, as a result of cyber crime, highlights the growing
importance of strategically planning and closely monitoring
security investments. As this research shows, making wise
investments in innovation can certainly help make a significant
difference when cyber criminals strike,” said Kelly Bissell,
managing director of Accenture Security. “Keeping pace with these
more sophisticated and highly motivated attacks demands that
organizations adopt a dynamic, nimble security strategy that builds
resilience from the inside out – versus only focusing on the
perimeter -- with an industry-specific approach that protects the
entire value chain, end-to-end.”
Security technology spending out of balance
Of the nine security technologies evaluated, the highest
percentage spend was on advanced perimeter controls, yet companies
deploying these security solutions only realized an operational
cost savings of $1 million associated with identifying and
remediating cyber attacks, suggesting possible inefficiencies in
the allocation of resources. Among the most effective categories in
reducing losses from cyber crime are security intelligence systems,
defined as tools that ingest intelligence from various sources that
help companies identify and prioritize internal and external
threats. They delivered substantial cost savings of $2.8 million,
higher than all other technology types included in this study.
Automation, orchestration and machine learning technologies were
only deployed by 28 percent of organizations – the lowest of the
technologies surveyed – yet provided the third highest cost savings
for security technologies overall at $2.2 million.
Financial consequences of cyber attacks are surging
Researchers considered four main impacts on organizations that
suffered a cyber attack: business disruption, loss of information,
loss of revenue and damage to equipment. The most damaging of those
today is loss of information, mentioned by 43 percent of
organizations represented in the study. In contrast, the cost of
business disruption, such as business process failures following an
attack, has decreased from 39 percent in 2015 to 33 percent in this
year’s research.
“The foundation of a strong and effective security program is to
identify and ‘harden’ the most-high value assets,” said Dr. Larry
Ponemon, chairman and founder of the Ponemon Institute. “While
steady progress has been made in improving cyber defense, a better
understanding of the cost of cyber crime could help businesses
bridge the gap between their own vulnerabilities and the escalating
creativity – and numbers – of threat actors.”
Costs per organization vary widely by country and type of
cyber attack
Australia reports the lowest total average cost from a cyber
attack at $5.41 million, while the United Kingdom had the lowest
change over the last year from $7.21 million to $8.74 million.
Japan experienced a 22 percent increase in costs to $10.45 million
– the third highest increase of the countries in the survey.
Costs also vary considerably by the type of cyber attack. U.S.
companies are spending more to resolve all types of cyber attacks,
especially for malware and Web-based attacks ($3.82 million and
$3.40 million per incident, respectively). For companies in Germany
and Australia, 23 percent of total annual cyber incident costs are
due to malware attacks. In France, 20 percent of the total cyber
crime annual costs are attributed to Web-based attacks. Denial of
service attacks account for 15 percent of total cyber crime annual
costs in both Germany and the United Kingdom.
Steps to improve effectiveness of cybersecurity
efforts
By taking the following three steps, organizations can further
improve the effectiveness of their cybersecurity efforts to fend
off and reduce the impact of cyber crime:
1. Build cybersecurity on a strong foundation: invest
in the ‘brilliant basics’ such as security intelligence and
advanced access management and yet recognize the need to innovate
to stay ahead of hackers.
2. Undertake extreme pressure testing: Organizations should not
rely on compliance alone to enhance their security profile but
undertake extreme pressure testing to identify vulnerabilities more
rigorously than even the most highly motivated attacker.
3. Invest in breakthrough innovation: Balance spend on
new technologies, specifically analytics and artificial
intelligence, to enhance program effectiveness and scale
value.
For more information on security investments that can help
organizations effectively deal with cyber risks, visit:
accenture.com/-insights-and-innovation.
Methodology
The study, conducted by the Ponemon Institute on behalf of
Accenture, analyzes a variety of costs associated with cyber
attacks to IT infrastructure, economic espionage, business
disruption, ex-filtration of intellectual property and revenue
losses. Data was collected from 2,182 interviews conducted over a
ten-month period from a benchmark sample of 254 organizations in
seven countries - the US, United Kingdom, Australia, Germany,
Japan, France and Italy. The study represents the annualized cost
of all cyber crime events and exploits experienced over a one-year
period. These include costs to detect, recover, investigate and
manage the incident response. Also covered are costs that result in
after-the-fact activities and efforts to contain additional
expenses from business disruption and the loss of customers.
About Accenture
Accenture is a leading global professional services company,
providing a broad range of services and solutions in strategy,
consulting, digital, technology and operations. Combining unmatched
experience and specialized skills across more than 40 industries
and all business functions – underpinned by the world’s largest
delivery network – Accenture works at the intersection of business
and technology to help clients improve their performance and create
sustainable value for their stakeholders. With more than 411,000
people serving clients in more than 120 countries, Accenture drives
innovation to improve the way the world works and lives. Visit us
at www.accenture.com.
Accenture Security helps organizations build
resilience from the inside out, so they can confidently
focus on innovation and growth. Leveraging its global network of
cybersecurity labs, deep industry understanding across client value
chains and services that span the security lifecycle, Accenture
helps clients protect their organization’s valuable assets,
end-to-end. With services that include strategy and risk
management, cyber defense, digital identity, application security
and managed security, Accenture enables businesses around the world
to defend against known sophisticated threats, and the unknown.
Follow us @AccentureSecure on Twitter or visit us at
www.accenture.com/security.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20170926005683/en/
AccentureAlison Geib,
+1-703-947-4404alison.geib@accenture.com
Accenture (NYSE:ACN)
Historical Stock Chart
From Mar 2024 to Apr 2024
Accenture (NYSE:ACN)
Historical Stock Chart
From Apr 2023 to Apr 2024