Cost of cybercrimes climbs to $6.8m per firm in Japan, $3.4m in Australia

Average annual cost of cybercrime per organisation for seven countries clocks at $7.7 million in 2015, with companies taking 46 days to resolve a cyber attack, reveals a HP-Ponemon Institute study.
Written by Eileen Yu, Senior Contributing Editor

The average cost of cybercrime per organisation a year across seven countries has increased to $7.7 million in 2015, with companies taking 46 days to resolve a cyber attack.

According to a study commissioned by Hewlett-Packard and conducted by Ponemon Institute, the average annualised cost of cybercrimes in Japan, for instance, climbed 14 percent to an estimated $6.81 million. In Australia, this figure increased 13 percent to $3.47 million, revealed the annual study, which sampled 60 respondents in the two markets.

Globally, the study surveyed 252 companies across the seven markets including Germany, Brazil, the US, the UK, and the Russian Federation, analysing 1,928 cyber attacks to measure the total cost.

HP noted that cybercrime costs varied according to the size of the organisation, with smaller companies incurring a significantly higher per capita cost compared to large enterprises.

Businesses also were taking more time to resolve cybercrimes, with those in Australia needing 31 days to do so, while their peers in Japan took 26 days. These were an increase of 8 days for Australia and a day for Japan compared to last year's findings. Malicious insider attacks took longer to resolve, with companies in Australia requiring an average of 50 days and Japan needing 37 days.

In Japan and Australia, denial of service (DoS) and malicious insider attacks were the most costly cybercrimes. Down Under, business disruption accounted for the highest external cost at 38 percent of total cost per year, followed by costs associated with data loss.

In Japan, data theft was the highest external cost at 48 percent of the total cost, followed by costs associated with business disruption.

According to the study, recovery and detection were the most costly internal activities in both countries. Australia respondents said this accounted for 48 percent of their overall internal activity cost per year, while Japan estimated it to be 53 percent of their total internal cost.

Matthew Shriner, HP's director of enterprise security products for Asia Pacific, Japan, Europe, Middle East, and Africa, said: "As organisations increasingly invest in new technologies like mobile, cloud, and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand.

"To address this challenging dynamic, we must first understand the threats that pose the most risk and then prioritise the security strategies that can make a difference in minimising the impact," Shriner said.

According to the study, organisations were spending on average 19 percent of their security budget on the application layer, up from 16 percent last year.

Across all seven countries, US respondents reported the highest total average cost of cybercrimes at $15 million per organisation, while their Russian Federation counterparts reported the lowest at $2.4 million.

Editorial standards