Cybercrime costs companies dearly
Cape Town – Cybercrime has a devastating impact on the bottom line of large companies, new research has found.
According to the research by B2B International in conjunction with Kaspersky Lab, the average cost of a security breach at a large firm is $649 000.
The 2013 Global Corporate IT Security Risks survey painted a bleak picture of the security threat landscape as it affects companies at a time when many are concerned about the integrity of data, particularly when it is stored in an online database.
To get an accurate estimate of the damage from a cyber attack, B2B considered losses from the actual attack – including the loss of intellectual property and the ability of the company to continue business operations.
Other costs were then added to the total. These costs may include the hiring of experts to prevent future attacks and hardware updates.
“After crunching the numbers, it appears that the lion’s share of losses are caused by the incident itself – lost opportunities and profits, as well as payments to third-party remediation specialists, average out at $566 000,” said Kaspersky.
While costs of damage varied widely depending on the kind of company targeted and the operational dynamic of a particular firm, the survey found that organisations operating in the US incurred the largest losses at an average of $818 000.
The average in Europe was lower at $627 000 but the lowest overall was in Russia at $21 000.
The report found that some companies are reluctant to report incidents of intrusion.
“A leak of sensitive data often means that the affected company must publicly disclose information about the incident.
About 73% of respondents stated that they had to distribute information about an incident because a third party had demanded that they do so,” the report said.
The survey found that 15% of companies report a data breach to the media, while 44% report it to affected customers and clients.
Attacks on companies have become targeted in recent years and hackers have begun using specialist tools to infiltrate networks.
“Of those 415 investigations we conducted last year, the vast majority we saw in each of those cases was bespoke so it wasn’t something that was off the shelf or that was used in many different organisations – it was written with a very specific purpose in mind and was only used once,” John Yeo, EMEA director at Trustwave, told News24.
He said that signature-based antivirus software that was deployed to stop malware could not cope with this kind of attack.
“Signature-based antivirus hasn’t got a hope of being able to detect it and any organisation that thinks ‘I’ve got antivirus deployed on my mission critical systems and if the worst case scenario happens, I’m going to detect it,’ that’s not going to happen.”
The survey found that malware made up the largest portion of attacks at 22%, though accidental data leaks by staff (10%) and flaws in existing software (11%) were also significant factors.
According to the survey, malware, viruses and worms made up 66% of IT threats, significantly higher than spam (61%) and phishing (36%).