Cybercrime is costing Australian organisations as much as $10.9 million annually with some falling victim to 40 successful cyberattacks each week, according to a new study.
Information security research organisation Ponemon Institute completed case studies with 33 large Australian companies with more than 1000 seats (the number of direct connections to network and enterprise systems) for its 2012 Cost of Cyber Crime study.
The study found that the average annualised cost of cybercrime – using this benchmark sample – was $3.2 million per year.
The most costly cybercrimes continued to be caused by denial of service attacks, malicious insiders and Web-based attacks – when combined, these account for more than 60 per cent of cybercrime costs per organisation.
Disruption to business processes and revenue losses represented the highest external costs. When an attack occurred, business process losses account for 41 per cent of total external costs while costs associated with revenue losses and theft of information assets represented 54 per cent of external costs, the report said.
In addition, the average time to resolve a cyberattack – based on the sample – was 41 days compared to an average time of 21 days. The average cost incurred during a 21-day period was $183,479.
Recovery and detection were the most costly internal activities related to cybercrime, accounting for more than half the total internal cost annually, with “productivity losses and direct labour representing the majority of the total,” the report said.