Hacking continues to be a costly problem for US businesses, according to a Ponemon Institute report released in October 2012. For each of the businesses and organizations studied, the average cost of cyber crime is $8.9 million annually, an increase of 6% from last year. The impact, however, can be more severe on a smaller company, because there is a base level of expense to recover from an attack that, as a percentage of revenue, consumes a larger portion of a small business’ resources.
No doubt one of the reasons for the escalating costs is an increasing number of attacks: there were 1.8 successful attacks per business per week this year (the companies studied are large), up a staggering 42% from just one year ago.
A majority of the costs stemmed from just three sources: malicious insiders, denial of service attacks, and web-based attacks.
But when measured by frequency, the most common types of attacks were viruses, worms, and Trojans. In fact, 100% of the companies had experienced these. Malware was the second most common attack mechanism, impacting 95% of businesses. (For more about a particularly dangerous form of malware, read our article on the “Universal Man-in-the-Browser” tool.) Nearly half of the firms studied had been attacked as the result of a stolen corporate device.
Of all attack types, those by malicious insiders took the longest to resolve, at an average of 57 days. Breaches caused by viruses, worms, and Trojans took only 2 days to resolve. On average, attacks took 24 days to fix, at an average cost of nearly $27,500 per day.
The kinds of losses suffered by companies in a cyber attack are also varied. In 2012, information loss accounted for 44% of external costs. Business disruption was also high on the list, at 30% of costs.
Among all the activities related to cyber attack response, also known as internal costs, detection took the most resources at 26% of all costs. Other costs were recovery at 21%, containment at 15%, and investigation at 13%.
The report also indicates that companies enjoy savings when they install security measures to thwart cyber criminals. These technologies include access governance tools, encryption, and data loss prevention tools.
But even with an aggressive IT security stance, experts agree that a company is still vulnerable to a cyber assault. (Need proof? Read our article about global security giant RSA getting hacked.) It’s not so much an issue of “if” as an issue of “when?”
So while companies need to shore up their digital fortress, they also need to purchase cyber liability insurance in the likely event that the bad guys get in.
We at INSUREtrust have been cyber liability insurance experts for over 15 years, and every day we help large and small businesses obtain the right policies for their particular needs.
Internet insurance doesn’t have to be expensive, but it is money well spent. The premium cost for a cyber insurance policy can be as little as $1000 for a $1 million policy limit.
Over the past ten years, INSUREtrust has written more than $100 million in premiums and paid more than $30 million in claims. Insurers are looking for business and we can find competitive pricing and terms for almost any risk.