The cost of UK insider cyber crime
HP key data points from the US research on cyber crime over the past few years.
Key findings for the UK include:
• Cyber crimes are costly. The average annualised cost of cyber crime for the 38 UK organisations surveyed is £2.1 million per year, with a range of £.4 million to £7.7 million
• Cyber crimes are intrusive and common occurrences. Companies experienced 41 successful attacks per week or 1.1 successful attacks per organisation per week
• The most costly cyber crimes are those caused by malicious insiders, denial of services, and malicious code. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions
• All industries fall victim to cybercrime, but to different degrees. The average annualised cost of cyber crime appears to vary by industry segment, where defence, utilities and energy and financial service companies experience higher costs than organisations in hospitality, retail and education
• Cyber attacks can get costly if not resolved quickly. Results show a positive relationship between the time to contain an attack and organisational cost. The average time to resolve a cyber attack was 24 days, with an average cost to participating organisations of £135,744 over this 24-day period. Results show that malicious insider attacks can take more than 50 days on average to contain