The study looked at the cost of cyber crime for companies across seven countries including 28 organisations in Australia, and others in the US, UK, Japan, Germany, Brazil and the Russian Federation.
According to the study, the most costly cyber crimes in Australia continued to be those caused by denial of services, malicious insiders and malicious code. These crimes accounted for more than 45% of all cyber crime costs per organisation on an annual basis.
Shane Bellos, general manager, Enterprise Security Products, HP Software, HP South Pacific, says that understanding the cyber threats that pose the biggest risk and have the most economic impact to organisations can help enterprises better plan their security approach and investments.
“As organisations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” said Shane Bellos, general manager, Enterprise Security Products, HP Software, HP South Pacific.
“To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritise the security strategies that can make a difference in minimising the impact.”
According to Bellos, as organisations strive to embrace new technologies while protecting their expanded environments, there is a need to shift security strategies from traditional network control and perimeter management to an advanced focus on protecting interactions among users, applications and data.
Bellos says the 2015 Cost of Cyber Crime Study for Australia demonstrates that organisations are now committing 20% of their security budget allocation to the application layer, up from 16% last year.
The study also found that business disruption continued to represent the highest external cost in Australia, followed by the costs associated with information loss.
On an annual basis, business disruption accounted for 38% of total external costs, down 2% from last year, while costs associated with information and revenue loss accounted for 58% of external costs, an increase from 54% last year.
And, the study also found that recovery and detection in Australia was the most costly internal activity, accounting for 48% of the total annual internal activity cost, with productivity and direct labour representing the majority of these costs.
Bellos said that the study showed that organisations investing in and using security intelligence technologies and governance practices to address the crimes that proved most costly were more efficient in detecting and containing cyber attacks, thereby reducing costs otherwise incurred.
For example, Australian companies with encryption technologies experienced average cost savings of $1.6 million, while those with security intelligence systems, experienced average cost savings of $1.5 million. In addition, companies with expert security personnel saved an average of $1 million.
The study also showed that the cost of cyber crime varied by industry segment, and for most industries has increased slightly since it was first conducted four years ago - this was especially true for the energy and utilities industry, which saw an increase of $2.2 million and the financial services industry, which saw an increase of $3.1 million. In comparison, organisations in the media, consumer products and retail industries appear to have experienced a lower overall cost of cyber crime cost over the last four years.
“With cyber attacks growing in both frequency and severity, understanding of the financial impact can help organisations determine the appropriate amount of investment and resources needed to prevent or mitigate the consequences of an attack,” said Dr. Larry Ponemon chairman and founder, Ponemon Institute.
“As seen in this year’s study, the return on investment for organisations deploying security intelligence systems, such as SIEM, realised an average annual cost savings of nearly $4 million – showcasing the ability to minimise impact by more efficiently detecting and containing cyber attacks.”