First Annual Cost of Cyber Crime Study

ArcSight, Inc., provider of enterprise threat and risk management solutions, and the Ponemon Institute announced the results of a benchmark study that quantifies the economic impact of cyber crime. The First Annual Cost of Cyber Crime Study was sponsored by ArcSight, independently conducted by the Ponemon Institute, and designed to raise awareness of the level of investment and resources needed to prevent or mitigate the devastating consequences of a cyber attack.

Cyber crime generally refers to criminal activity conducted via the Internet. The attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet, and disrupting a country’s critical national infrastructure.

According to the study, which involved interviews with data protection and IT security practitioners in 45 U.S. organizations, cyber crime is common, intrusive, and can have a significant impact on an organization’s bottom line. Over a four-week period, the 45 organizations surveyed in the study experienced 50 successful attacks per week, or more than one successful attack per organization per week. This resulted in a median annualized cost of $3.8 million per organization per year, with costs for the complete benchmark sample ranging from $1 million to nearly $52 million.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “Through actions such as the appointment of a chief information security officer (CISO), the rollout of an enterprise security strategy, and investments in technologies capable of addressing sophisticated threats and managing complex security events, companies are able to reduce the financial impact of cyber crime.”

Additional key findings of the study include:

  • The most costly cyber crimes are those caused by web attacks, malicious code, and malicious insiders, which account for more than 90% of all cyber crime costs per organization on an annual basis.
  • Cyber attacks can be costly if not resolved quickly. In the sample, malicious insider attacks took up to 42 days or more to resolve, at an average cost to an organization of nearly $18,000 per day.
  • Detection and recovery are the most costly internal activities. On an annualized basis, detection and recovery combined account for 46% of the total internal activity cost, with labor representing the majority of these costs.
  • Detection and recovery costs from cyber attacks can be mitigated by deploying enabling technologies and enterprise threat and risk management (ETRM) solutions.

The First Annual Cost of Cyber Crime Study was conducted in early 2010 as a survey of 45 U.S. organizations representing a cross section of markets. The study focused on the direct, indirect, and opportunity costs that resulted from loss or theft of information, disruption to business operations, revenue loss, and destruction of property. These costs included what was spent on detection, investigation, containment, recovery, and post-act response.

For a copy of the complete Ponemon study, visit http://www.arcsight.com/library/download/ponemon-2010-cost-of-cyber-crim...