SMEs hit harder by rising cybercrime costs, reveals Ponemon study

The meek will inherit the bill

The cost of cybercrime incidents is rising rapidly for UK organisations but smaller ones are being hit proportionately harder, a major study by the Ponemon Institute has calculated.

The UK element of what was a global study on behalf of HP's Enterprise Security division looked at 36 UK-based organisations that reported a total of 192 attacks. The average annual cost of these was £2.99 million ($4.75 million) ranging from £379,000 at one end of the scale to £17 million at the other extreme.

In the equivalent 2012 report, cybercrime cleanup costs were £2.1 million per organisation which means that these have risen 36 percent in a year.

The definition of a cybercrime covers a wide range of events but malicious insiders, web-based attacks, denial of service, and malicious code (unidentified malware) were particularly costly to deal with, largely because they often go undetected for long periods of time; the longer an attack went undiscovered, the higher the eventual cost to the organisation concerned, the report found.

Put another way, rapid discovery of an attack lowers costs as does rapid clean-up. The average time to resolve an attack was 25 days with the special category of insider attacks raising this to 63 days.

Ponemon found that all sectors were victims of cybercrimes, but some sectors spend more on sorting them out than others with finance, defence and energy showing the highest numbers.

The cost differences were most striking when looking at organisational size with the 2013 cost per seat being £141 for the largest firms but £530 per seat for the smallest ones. It's not simply that smaller organisations bear more cost in relation to their size, what generates that cost varies too, with attacks from malware much more expensive for the small to remediate.

Ponemon's study also looked at the US, France, Japan, Germany and Australia, finding the same rising curve of cost for cybercrime with the UK in fact recording the second lowest costs of those surveyed. But what is causing these rising costs?

Part of the answer is that there simply more attacks to generate costs - or at least more being detected - but it could also be that greater awareness has caused a more diligent reaction when incidents are uncovered.

Ponemon found that those organisations that had invested in a range of security systems (i.e. SIEM and big data analytics as well as established technologies) ended up with lower remediation costs. This appeared to be a function of time; more rapidly detected incidents were cheaper and quicker to fix. Top of this pile for return on investment were security intelligence systems and advanced perimeter controls; surprisingly data loss prevention and automated policy management showed much lower returns.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenancesecurityhardware systemsPonemon InstituteData CentreHewlett-PackardSME

More about HP

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place