Despite surge, Australian cybercrime cleanup still cheaper than UK, US

Proactive security staffing tactics and use of SIEM and other threat intelligence-enabled systems are helping Australian companies reduce the cost of dealing with security attacks, according to new Ponemon Institute research that also found Australian cyberattacks cost less than half as much to remediate as attacks on comparable European and US companies.

The HP-sponsored 2015 Cost of Cyber Crime Study: Australia, a subset of annual global research, surveyed 28 Australian businesses of 1000 seats or larger across a range of industry sectors, analysing their remediation of 200 attacks.

Australian companies spent anywhere from $792,000 to $18m to clean up after a cybercrime, with costs including detection, recovery, investigation and management of the response as well as the follow-on costs of containing issues such as business disruption and loss of customers.

Australia's average cost of $US3.47m ($A4.9m) was around that of remediation for companies in the UK ($US6.32m), Japan ($US6.81m), Germany ($US7.5m) and US ($US15.42m) and put Australian remediation efforts on par with Brazil ($US3.85m), which was included in the survey for the first time this year.

Organisations were taking longer to resolve cyber attacks than last year – increasing from 23 days last year to 31 days this year. Remediation during that period was also more costly, increasing from an average of $276,323 last year to $419,542 this year.

These increases suggest that cyber attacks are getting more complex and damaging, with malicious insiders, DDoS attacks and malicious code comprising more than 45 percent of all cybercrime attacks. Business disruption the single largest external cost and, combined with the cost of information loss, represented 58 percent of overall costs – up from 54 percent last year.

Organisational size was correlated with severity of cybercrime attack, but small organisations spent significantly more per capita on fixing cybercrime attacks than larger organisations – $1919 per capita as against $372.

Some of this savings is attributed to broader and deeper security capabilities in larger companies, Ponemon's analysis pointed out: “findings show that companies that employ certified expert security personnel and appoint a high-level security leader have cyber crime costs that are lower than companies that have not implemented those practices,” the analysis concluded.

Also helping in cutting costs was the use of security-intelligence systems such as SIEM, IPS, network intelligence, big-data analytics and other systems – all of which are increasingly recognised as playing a significant role in companies' IT-security response. use of which cut average recovery costs from $1.43m to $960,000 and average incident management costs from $690,000 to $330,000.

Those findings reinforce previous Ponemon Institute research that found four in 5 breach-affected companies wish they had installed threat intelligence platform earlier – and bolster the growing narrative by companies such as HP – which sponsored the latest Ponemon research and recently partnered with FireEye on threat detection, launched tools including machine-learning app-testing services and expanded its crowdsourced Threat Central threat-data sharing service.

A flurry of recent announcements has added to an increasingly crowded threat-intelligence market, with FireEye launching its Threat Intelligence Engine, Return Path launching an Email Threat Intelligence offering, SolarWinds adding threat-intelligence feeds to its SIEM platform, and vendors like iSIGHT Partners expanding their Australian operations.

Join the CSO newsletter!

Error: Please check your email address.

Tags Australian cyberattacksEuropeacyber crimecheapCSO AustraliacybercrimeUKHPannual global researchUSsecurity staffing

More about FireEyeHPIPSReturn PathSolarWindsThreat Intelligence

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts