Assigning a money value to data breaches is difficult, but a new study is trying to set a baseline measure for corporate losses.
The First Annual Cost of Cyber Crime Study was recently released by security experts at the Ponemon Institute, in a study commissioned by security software provider ArcSight.
The institute interviewed some 45 major companies and found that, on average, the companies lost some $4.8 million each year. The losses ranged from theft of intellectual property and malicious damage to computer systems to actual financial fraud on the company or its customers.
Most expensive of all are the resources required for detection and recovery from attacks, which amount to 46% of all costs, according to the survey. This does not account for the opportunity cost of paying IT staffers to play defense against hackers rather than undertaking proactive projects to help the company.
- It takes 14 days on average to clean up after a cyber-attack.
- Each individual attack has an average cost of $17,696 per day until the attack is resolved.
- The companies surveyed reported on average 60 successful attacks per week.
- The appointment of a dedicated expert to detect and fix breaches reduces the duration, severity and cost of such breaches.
Of course, this is all proportional — smaller companies are likely to have smaller losses. On the other hand, they are less likely to be monitoring the problem, and may well be losing money and time in ways they cannot even detect.