By Tom Jowitt
Cyber-crime continues to vex British businesses after a new report revealed that the nation’s firms are paying a higher price for protection and also having to endure a longer post-attack recovery period.
These are some of the findings of Hewlett-Packard’s annual Cost of Cyber Crime Study, which said that the cost of cyber-crime for U.K. companies has risen by 14 percent over the past year.
The HP Enterprise security report found that the typical annual cost of cyber-crime to U.K. firms is £4.1m, whereas last year’s average cost was £3.6m. This means that there has been a rise of £551,760 over the past 12 months.
The study data suggests that, measured per enterprise seat, smaller companies are being hurt more financially by cyber-crime. Indeed, smaller firms incur a significantly higher per capita cost compared to their larger brethren (£1,014 versus £232).
The report also revealed that the average time to resolve a cyber-attack was more than 4 weeks (31 days to be precise). The average cost to a British firm is £358,796 during this 31-day period, a 33 percent rise from last year when it took only 25 days to recover from a cyber-attack.
However, in the United States, recovery takes even longer, at an average of 46 days, an increase of nearly 30 percent, as the average cost to resolve a single attack rises to more than $1.9 million (£1.2m).
The report, which examined seven countries including the U.K., United States, Japan, Germany, Australia, Brazil, and the Russian Federation, unsurprisingly found that certain industries are being more regularly targeted, with financial services, energy, utilities and communications companies bearing the brunt of online attacks.
In the United States, meanwhile, the picture is even worse, after researchers found the average annual cost of cyber-crime incurred by American firms was $15 million (£9.8m). This represents close to a 20 percent increase year-on-year and an 82 percent increase since the study began tracking this data six years ago.
“As organizations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand,” said Sue Barsamian, senior VP and general manager, Enterprise Security Products at HP.
“To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritize the security strategies that can make a difference in minimizing the impact,” said Barsamian. “As organizations strive to embrace new technologies while protecting their expanded environments, there is a need to shift security strategies from traditional network control and perimeter management to an advanced focus on protecting interactions among users, applications and data.”
The most costly cyber-crimes are those caused by malicious insiders, denial of service and Web-based attacks.
Last month, a survey from Lieberman Software Corporation found that nearly all businesses nowadays understand the potential damage posed to their organizations by cyber-attacks. But it also discovered that many businesses are still not being proactive about their security, and fail even to conduct regular cyber-security drills.
The knock-on effects of not enhancing IT security measures can be serious.
Specialist insurer Allianz, for example, recently warned that businesses have to ready themselves to face the next generation of cyber-threats. And it said that more and more companies will opt for specific cyber-insurance policies, but these must be used hand-in-hand with improved IT security procedures.
Last year, a Tripwire survey found that the majority of energy IT professionals were confident they could detect a data breach on critical systems within a week, despite industry research showing that most breaches go undiscovered for weeks, months or even longer.