Proactive security staffing tactics and use of SIEM and other threat intelligence-enabled systems are helping Australian companies reduce the cost of dealing with security attacks, according to new Ponemon Institute research that also found Australian cyberattacks cost less than half as much to remediate as attacks on comparable European and US companies.
The HP-sponsored 2015 Cost of Cyber Crime Study: Australia, a subset of annual global research, surveyed 28 Australian businesses of 1000 seats or larger across a range of industry sectors, analysing their remediation of 200 attacks.
Australian companies spent anywhere from $792,000 to $18m to clean up after a cybercrime, with costs including detection, recovery, investigation and management of the response as well as the follow-on costs of containing issues such as business disruption and loss of customers.
Australia's average cost of $US3.47m ($A4.9m) was around that of remediation for companies in the UK ($US6.32m), Japan ($US6.81m), Germany ($US7.5m) and US ($US15.42m) and put Australian remediation efforts on par with Brazil ($US3.85m), which was included in the survey for the first time this year.
Organisations were taking longer to resolve cyber attacks than last year – increasing from 23 days last year to 31 days this year. Remediation during that period was also more costly, increasing from an average of $276,323 last year to $419,542 this year.
These increases suggest that cyber attacks are getting more complex and damaging, with malicious insiders, DDoS attacks and malicious code comprising more than 45 percent of all cybercrime attacks. Business disruption the single largest external cost and, combined with the cost of information loss, represented 58 percent of overall costs – up from 54 percent last year.
Organisational size was correlated with severity of cybercrime attack, but small organisations spent significantly more per capita on fixing cybercrime attacks than larger organisations – $1919 per capita as against $372.
Some of this savings is attributed to broader and deeper security capabilities in larger companies, Ponemon's analysis pointed out: “findings show that companies that employ certified expert security personnel and appoint a high-level security leader have cyber crime costs that are lower than companies that have not implemented those practices,” the analysis concluded.
Also helping in cutting costs was the use of security-intelligence systems such as SIEM, IPS, network intelligence, big-data analytics and other systems – all of which are increasingly recognised as playing a significant role in companies' IT-security response. use of which cut average recovery costs from $1.43m to $960,000 and average incident management costs from $690,000 to $330,000.
Those findings reinforce previous Ponemon Institute research that found four in 5 breach-affected companies wish they had installed threat intelligence platform earlier – and bolster the growing narrative by companies such as HP – which sponsored the latest Ponemon research and recently partnered with FireEye on threat detection, launched tools including machine-learning app-testing services and expanded its crowdsourced Threat Central threat-data sharing service.
A flurry of recent announcements has added to an increasingly crowded threat-intelligence market, with FireEye launching its Threat Intelligence Engine, Return Path launching an Email Threat Intelligence offering, SolarWinds adding threat-intelligence feeds to its SIEM platform, and vendors like iSIGHT Partners expanding their Australian operations.