Threat Management

Study: Average cost of U.S. cybercrime rises to $12.7 million in 2014

The cost of cybercrime rose again this year, with the average cost of a crime in the U.S. reaching $12.7 million, compared to $11.56 million reported in 2013, according to a new Ponemon Institute study.

Although this year's “2014 Global Report on the Cost of Cyber Crime,” sponsored by HP Enterprise Security, found that the cost of attacks has risen by 95 percent since 2010, that isn't to say enterprises aren't focusing on security, said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a Wednesday morning email to Instead, the findings reflect just the opposite.

“With organizations now placing a larger focus on their security following the high frequency of large-scale breaches this year, cyber criminals are now getting more creative in how they attack systems,” he said. “As a result of these sophisticated attacks, it now requires more time, energy, and money to locate such attacks and to put a stop to them.”

Through interviews with more than 2,000 participants at 257 companies in seven countries, the researchers also found that American companies are particular targets for malicious code attacks, which were followed closely by denial-of-service and web-based attacks.

The year saw denial-of-service attacks reach $166,545 per incident. It was malicious insiders that topped the list of attacks, costing enterprises around the world about $213,542 per incident, though insiders tend to target Japan more frequently than the other surveyed countries.The year saw global denial-of-service attacks reach $166,545 per incident.

While attacks always incur high costs, the longer they persist, the more companies must spend to counter them. For instance, a typical attack this year lasted about 31 days and averaged a total cost of $639,462. Last year, the average attack was mitigated within 27 days and cost a total of $509,665.

Again, Ponemon attributes this to creative attackers who expend resources to create complex, sophisticated attacks that take time to mitigate.

“It's concerning to know that an unwanted adversary can be lurking in your system for so long, causing costly and reputation-destroying damages without the organization even noticing,” Ponemon said. “This allows the adversary time to invade the system even further and make it more difficult for the organization to eliminate the attack completely.”

As the cost of cybercrime continues to rise, at least for now, Ponemon advised organizations to dedicate funds to the proper security intelligence tools and qualified staff.

“It is critical for organizations to invest in the security of their organization, as that investment could significantly decrease any financial losses that can be incurred from a public security breach,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.