Ponemon Institute’s recently released 2015 Cost of Cyber Crime Study: United Kingdom – the fourth such annual study for this country – has determined that the mean annualised cost of cyber crime to large organisations in the UK is now £4.1 million, a year-on-year increase of 14%.
It’s important to note that these figures relate to only 39 benchmarked organisations in the UK, each with a minimum of approximately 1,000 “connections to the network and enterprise systems”. However, Ponemon’s methodology examines the incidents in question in considerably more detail than many broader-reaching reports, so the wider lessons that can be drawn from the report are arguably of greater use to other industries.
All Internet-facing organisations are at risk of cyber attack, as we know, so everyone can take something from Ponemon’s analysis:
Costs vary by organisational size, industry segment and type of attack.
Small organisations “incur a significantly higher per capita cost than larger organisations (£1,014 versus £232)”; “organisations in financial services, energy and utilities and communications experience substantially higher cyber crime costs than organisations in retail, public sector and education and research”; denial-of-service attacks, malicious insiders and web-based attacks “account for an average of 49% of all cyber crime costs per organisation”.
The longer it takes to resolve a cyber attack, the more costly it is.
The “average time to resolve a cyber attack was 31 days, with an average cost to participating organisations of £358,796”; “malicious insider attacks can take more than about 70 days on average to contain.”
Employing enterprise-wide security practices reduces the cost of cyber crime.
Cyber crime costs are “moderated by the use of security intelligence systems” by an average “of more than £1.3 million”, and companies that employ “certified and expert personnel” will realise an average cost saving of £911,215.
Enterprise-wide information security best practice
The modern cyber threat landscape is such that all sensible organisations must accept the inevitability of a cyber attack and prepare accordingly. One recommended way of reducing the cost of cyber crime is to align your cyber security efforts with an international standard such as ISO 27001. This standard sets out the requirements of an ISMS (information security management system) – an enterprise-wide approach to information security that encompasses people, processes and technology.
An ISO 27001-compliant ISMS provides a risk-based approach to information security that enables organisations of all sizes, sectors and locations to mitigate the risks they face with appropriate controls, thereby reducing the potential cost of cyber attacks as outlined in the Ponemon Cost of Cyber Crime Study.
ISO 27001 is recognised the world over, and certification to the Standard demonstrates to customers, stakeholders and staff that cyber security best practices are being followed in the organisation.
IT Governance is unique in its ability to provide total cyber security packages including standards, tools, books, training, and online consultancy and support that allow all organisations to implement an ISMS with the minimum of disruption and difficulty.
Starting at only £380, IT Governance’s fixed-price ISO 27001 Packaged Solutions provide unique information security implementation resources for all organisations, whatever their size, budget or preferred project approach.