Study: Cybercrime costs on the rise from last year

A new study says the cost of dealing with, and the frequency of, cybercrime is up sharply from last year, due in part to the sophistication of attacks.

Josh Lowensohn Former Senior Writer

Josh Lowensohn joined CNET in 2006 and now covers Apple. Before that, Josh wrote about everything from new Web start-ups, to remote-controlled robots that watch your house. Prior to joining CNET, Josh covered breaking video game news, as well as reviewing game software. His current console favorite is the Xbox 360.

See full bio

Josh Lowensohn

Aug. 2, 2011 1:14 p.m. PT

2 min read

A new annual study on the cost of cybercrime conducted by the Ponemon Institute has found that the expense of dealing with cybercrime is on the rise from last year.

The study, which was funded by Hewlett-Packard, found that the median cost of cybercrime to the 50 organizations it surveyed was $5.9 million per year, based on a range of $1.5 million to $36.5 million per year. That's up 56 percent from the $3.8 million median found in last year's study, which ranged from $1 million to $53 million per year.

That large median dollar amount for dealing with threats includes detection and investigation, as well as follow-through actions such as containment and recovery.

In terms of dealing with threats, the study found that the average time to address one is 18 days, resulting in an average price tag of $416,000. That's up from an average 14-day period and $250,000 per attack last year. Also up were the number of successful attacks; 72 were counted during the four-week test, marking a 45 percent bump from last year's study.

"Instances of cybercrime have continued to increase in both frequency and sophistication, with the potential impact to an organization's financial health becoming more substantial," Tom Reilly, vice president and general manager of enterprise security at HP, said in a statement. "Organizations in the most targeted industries are reducing the impact by leveraging security and risk management technologies, which is grounds for optimism in what continues to be a fierce fight against cybercrime."

In this year's study, the Ponemon Institute said the most expensive and common cybercrimes were malicious code, denial-of-service attacks, "malicious insiders," and devices that have been compromised through theft or hijacking.

Cybercriminals have laid their sights on a number of large organizations this year, including high-profile hacks against tech companies such as Sony, Nintendo, and Sony Ericcson, alongside the Web properties of Fox, and PBS, and various government agencies.