Cyber Attacks Cost Companies Average of $3.8 Million Per Year, Ponemon Institute Reports

The Ponemon Institute recently surveyed security professionals in 45 U.S. organizations and concluded that cybercrime is having a significant monetary impact on corporations. Over a four-week period, the 45 organizations experienced 50 successful attacks per week, or more than one successful attack per organization per week, and reported a median annual cost of $3.8 million per organization per year. The smallest loss was $1 million; the biggest, nearly $52 million.

Despite widespread awareness of the impact of cybercrime, cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions. The purpose of this benchmark study was twofold. First, Ponemon, in partnership with ArcSight, wanted to quantify the economic impact of a cyber attack. Second, Ponemon believed a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the institute, in an interview with USA Today.

The study also found:

- The most costly cybercrimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cybercrime costs per organization on an annual basis.

- Cyberattacks took 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.

The release of the study coincided with the Black Hat Conference happening this week in Las Vegas.