Study cites cybercrime's rising costs to corporations

Cybercrime costs are climbing for companies both in the United States and overseas amid a slew of high-profile breaches, according to research released Tuesday.

A sixth annual study by the Ponemon Institute pegged the average annual cost of cybercrime per large US company at US$15.4 million. That's up 19 per cent from US$12.7 million a year ago.

It also represents an 82 per cent jump from Ponemon's inaugural study six years ago.

Individually, cybercrime costs for the US companies surveyed varied dramatically, ranging from US$1.9 million to US$65 million. And the average cost of a cyberattack on a US company rose 22 per cent to US$1.9 million from US$1.5 million.

Globally, the average annualised cost of cybercrime increased 1.9 per cent from last year to US$7.7 million.

"As an industry we're getting better, but attacks are becoming much more invasive and sophisticated," said Andrzej Kawalec, chief technology officer for Hewlett-Packard Company's HP Enterprise Security, which sponsored the study and sells cybersecurity services to businesses.

The study examined the total cost of responding to cybercrime incidents, including detection, recovery, investigation and incident-response management. It also looked at after-the-fact expenses designed to prevent additional costs stemming from the potential loss of business or customers.

Recent expensive and embarrassing breaches at companies, including Target, Home Depot and Sony Pictures, have prompted many companies to boost their cyber defences.

The study looked at a sample of 58 US companies with at least 1,000 connections to its computer network. Globally, the study analysed data from 252 companies in the US, United Kingdom, Germany, Australia, Japan, Russia and Brazil.