Cyber crime is costing the healthcare industry dearly, and that cost continues to rise. According to the latest survey released by the Ponemon Institute, the average cost of cyber crime resolution has risen again this year. The cost of resolving criminal attacks, data theft and resultant data loss, now costs 82% more than it did when the first Ponemon Institute Cost of Cyber Crime Study was released in 2010.
Average Cost of Cyber Crime Resolution has Risen 20% in 12 Months
This year, the HP Enterprise Security-sponsored 2015 U.S. Cost of Cyber Crime Study shows that the average cost of cyber crime resolution has risen by almost 20% compared to 2014. The time taken to respond to security incidents has also increased significantly. The average response time is now 46 days, 30% longer than in 2010.
Organizations have implemented a number of data security measures over the past 6 years to aid the detection of malware and network infiltrations; however, hackers and malicious insiders have developed their own techniques to make evade detection. Their attacks have also become far more complicated.
Some forms of attack are proving to be harder to deal with than others according to the report. Malware, malicious code, Denial of Service attacks (DoS) and malicious insiders pose the biggest risks and result in the biggest expenditure in dealing with the crimes. Malicious insider attacks are the hardest to deal with, and take the longest to resolve. The report suggests an average of 63 days to deal with these forms of attack.
It is difficult to estimate the cost of dealing with cyber crime, and previous attempts by other organizations have shown that the cost of resolution is almost impossible to calculate until many years after the event. It is, for instance, not possible to accurately estimate fines that will be issued by regulatory bodies, as they often take years before settlements are reached. Data breach lawsuits filed by the victims of the crimes similarly take many years to be resolved. However, the Ponemon Institute data appears to be the most accurate.
This year’s figures show the average cost of dealing with incidences of cyber crime has risen to $15 million in the United States, with organizations around the world found to have spent, on average, between $1.9 and $65 million per year, per company. The average cost of dealing with a single incident was found to be $1.6 million.
Fortunately, there are a number of ways cyber crime costs can be reduced. If organizations implement technologies to protect networks, identify intrusions, and if they also employ key members of security staff, the cost of dealing with data breaches and cybersecurity incidents can be reduced, as can the probability of succumbing to an attack.
The data suggest that employing a security information and event management (SIEM) solution can result in savings of $3.7 million per year; ensuring sufficient budgets and resources are allocated to cyber crime resolution is also important, potentially saving and average of $2.8 million in attack response and management costs. The use of encryption technologies offers the biggest cost savings, reducing the cost of cyber crime resolution by as much as 57%.