SOFTWARE INDUSTRY NEWS

ArcSight and Ponemon Institute release annual cost of cyber crime study
28 July 2010 , Written by Dhruv Tanwar
Bookmark and Share


Enterprise threat and risk management solutions provider ArcSight, Inc. and the Ponemon Institute have announced the results of a benchmark study that quantifies the economic impact of cyber crime.

cyber_crimeCyber crime usually refers to criminal activity conducted via the Internet. Attacks can include stealing an organization's intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country's critical national infrastructure.

Sponsored by ArcSight, the first annual cost of cyber crime study was independently conducted by the Ponemon Institute. It was designed to provide an awareness around the level of investment and resources needed to prevent or mitigate the devastating consequences of a cyber attack. It was conducted in early 2010 from a survey of 45 US organizations representing a cross section of markets, and focused on the direct, indirect and opportunity costs that resulted from loss or theft of information, disruption to business operations, revenue loss and destruction of property. These costs included what was spent on the detection, investigation, containment, recovery and post-act response.

According to the study, which involved interviews with the data protection and IT security practitioners in 45 US organizations, cyber crime is common, intrusive, and can have a significant impact on an organization's bottom line. Over a four-week period, the 45 organizations surveyed in the study experienced 50 successful attacks per week, or more than one successful attack per organization per week. This resulted in a median annualized cost of $3.8 million per organization per year, with costs for the complete benchmark sample ranging from $1 million to nearly $52 million, the study revealed.

The study also found that:
  • The most costly cyber crimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90 percent of all cyber crime costs per organization on an annual basis.
  • Cyber attacks can be costly if not resolved quickly. In the sample, malicious insider attacks took up to 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day.
  • Detection and recovery are the most costly internal activities. On an annualized basis, detection and recovery combined account for 46 percent of the total internal activity cost, with labor representing the majority of these costs.
  • Detection and recovery costs from cyber attacks can be mitigated by deploying enabling technologies such as SIEM and enterprise threat and risk management (ETRM) solutions. For example, participating companies that had deployed a SIEM system achieved a 24 percent cost savings when dealing with cyber attacks versus those that had not.
 

LISTS AND RESEARCH

  • list Global Software Top 100 - Edition 2011
    • The Global Software Top 100 is a list of the world's largest software companies, ranked by annual software revenues. The list is based upon revenue information of 10,000+ IT companies worldwide.
  • Software industry trends (2011)
    • This research article (accompanying the Global Software Top 100) describes changes in the software industry playing field. It analyses trends and key players and forecasts future developments.
  • Top hardware companies
    • A list of the world's largest hardware companies.
  • What happens in the hardware industry?
    • Trends and analysis of the hardware industry and its key players.
  • Top IT services companies
    • A list of the world's largest IT services companies, ranked by annual services revenues. This link will take you to www.servicestop100.org.
  • IT services companies: healthy growth
    • What is happening in the IT services industry? Read this research publication to find out about trends and key players in the IT services industry.
  • Top gaming companies (2010)
    • Entertainment is good business, and gaming software companies are growing faster than the rest of the software industry. This research article discusses trends and key players in the gaming business.
  • Top ERP companies
    • A research publication about the world's leading players in enterprise software.
  • Top security software companies
    • A research publication discussing the world's leading publishers of security software: antivirus-, spamfiltering-, intrusion detection- and firewall software.
  • The fastest growing software companies
    • This research publication reveals the fastest growing software companies in the world.
  • CRM companies: a short list
    • A short list of the leading software companies selling Customer Relationship Management software; aimed at IT managers looking to purchase CRM software.
  • Top software companies in the US (2010)
    • A list of the largest software companies in the United States, ranked by annual software revenues. 2010 Edition, posted 15 December 2010.
  • U.S. software industry trends (2010)
    • A research publication discussing the trends and the key players in the software industry in the United States. Posted 15 December 2010.
  • Top companies in the world (not just software)
    • A general list of the largest companies in the world, ranked by revenues. Not just software companies; in fact, there are no software companies in it...
  • Top IT companies
    • A list of the largest IT companies in the world, ranked by annual revenues. Includes hardware, software and services.
More lists and research >

POPULAR NEWS

Go to news overview >

RECENT NEWS

Go to news overview >