Cyber Crime Costs Companies Millions Every Year - Technologist
Technologist - The FindLaw Legal Technology Blog

Cyber Crime Costs Companies Millions Every Year

FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.

The Second Annual Cost of Cyber Crime Study by the Ponemon Institute makes plain that cyber attacks are not going away and are financially painful for victim companies. Indeed, the median annualized cost of cyber crime for a company is $5.9 million, with a range of between $1.5 million $36.5 million per company. This represents a 56% increase from the 2010 median cost.

It is no wonder that cyber crime comes with a serious price tag for victim companies, as cyber attacks occur on a frequent basis. During just a four-week period, the companies that were part of the study suffered 72 successful attacks per week - a 45% increase from 2010. The vast majority of the attacks consisted of malicious code, denial of service, web-based attacks and stolen devices.

Detection and recovery are the most expensive aspects of internal cyber crime costs, according to the study. This suggests significant cost reduction potential for companies that are able to implement security technology that automates detection and recovery.

Interestingly, the average time to resolve a cyber attack is 18 days, according to the study. Time equals money, because attacks that are resolved earlier are far less costly. And some malicious insider attacks can take as long as 45 days to contain, certainly adding to the bottom line.

The study indicates that companies that deploy advanced security intelligence and risk management measures lessen the impact of cyber crime. The costs of grappling with attacks can be reduced by as much as 25% if such measures are put in place.

It appears that cyber crime is here to stay, and companies need to be smart and fast to mitigate the costs of cyber attacks.

Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes. His Web site is http://www.sinrodlaw.com and he can be reached at ejsinrod@duanemorris.com. To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.

Related Resources: