Cybercrime is increasing, takes more time to resolve, and is more expensive for organizations, according to the Ninth Annual Cost of Cybercrime Study released this week by Accenture and the Ponemon Institute.
The average cost of cybercrime for an organization has increased $1.4 million over the past year, to $13.0 million, and the average number of security breaches in the last year rose by 11 percent from 130 to 145.
Cyber attacks are evolving from the perspective of what they target, how they affect organizations, and the changing methods of attack, according to the study, which is based on interviews with 2,647 senior leaders from 355 companies across 11 countries and 16 industries.
Information theft is the most expensive and fastest rising consequence of cyber crime. However, data is not the only target. Core systems such as industrial controls are being hacked in a dangerous trend to disrupt and destroy, the report said.
While data remains a key target, theft is not always the outcome of an attack. A new wave of cyber attacks sees data no longer just being copied but being destroyed or changed, in attempts to breed distrust. Attacking data integrity is the next frontier of cyber threats, the report said.
Cyber criminals such as hackers are adapting their attack methods. They are aiming at the human layer, which the researchers said is the weakest link in cyber defense, through increased ransomware and phishing and social engineering attacks as a path to entry.
- These dogs sniff out cybercrime (CNET)
- How the United Nations helps fight global cybercrime (TechRepublic)
An interesting development is when nation-states and their associated attack groups use these types of techniques to go after commercial businesses. Attempts are now being made to categorize attacks from these sources as "acts of war" in an attempt to limit cyber security insurance settlements.
As cybercrime continues to evolve, organizations are facing an expanding threat landscape that includes malicious nation-states, indirect supply chain attacks, and information threats. At the same time, they are deploying new technologies faster than they can be secured.
The study noted that by improving cyber security protection, organizations can reduce cybercrime costs and realize new revenue opportunities. It suggested three steps enterprises can take to enhance security and reduce losses.
One is to make it a priority to protect against people-based attacks. Countering internal threats is still one of the biggest challenges, the report said, with a rise in phishing and ransomware attacks as well as in malicious insiders.
Another is to invest in tools to limit information loss and business disruption. This is the most expensive consequence of cyber attacks, and is a growing concern with new privacy regulations such as the European Union's General Data Protection Regulation (GDPR) and California Consumer Privacy Act of 2018 (CCPA).
In addition, organizations should seek to deploy technologies that stem rising costs. That includes using automation, advanced analytics, and security intelligence to manage the rising cost of discovering attacks.