Targeted attacks cost companies an average of $200k

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.scmagazine.com/targeted-attacks-cost-companies-an-average-of-200k/article/242333/

The result of not bulking up information security efforts could cost
companies more than $200,000, a study reveals.

Independently conducted by the Ponemon Institute, the "Impact of
Cybercrime on Businesses" survey states that targeted attacks cost
enterprises an average of $214,000. The expenses are associated with
“forensic investigation, investments in technology and brand recovery
costs.”

The report polled 2,618 C-level executive and IT security personnel
from the United States, United Kingdom, Germany, Hong Kong and Brazil.
Its purpose was to identify commonalities among the countries relating
to security.

While the average cost of one successful attack for U.S. companies has
an extrapolated value of $276,671, Germany came in with the highest
estimated cost for an average cyber attack at $289,359, the study
found.

Even as hacktivism continues to make headlines, Scott Emo, head of
endpoint product marketing at Check Point Software Technologies, which
commissioned the survey, said the findings still indicate it is all
about financial gain for saboteurs.

According to 65 percent of respondents, financial fraud is believed to
be the primary motive for targeted threats, followed by customer data
theft and disruption of business operations, which could lead to
monetary gain for the attackers.

“The main motivation for cyber crime is still good old-fashioned
thievery,” Emo said on a phone call Friday with SCMagazine.com.
“They're after the money.”

Additionally, the report stated that a majority of companies are
concerned with the use of personal mobile devices in the workplace ,
including smartphones and tablets. Each country involved in the survey
revealed bring-your-own-device to be the most worrisome threat vector.

Although the security landscape is continuously evolving, 64 percent
of respondents said their companies currently have training and
awareness programs in place to aid in preventing attacks. The level of
concern expressed by C-level executives have caused companies to
implement security precautions and technology to diminish risks
associated with targeted attacks, Larry Ponemon, chairman and founder
of the Ponemon Institute, said in a statement released by Check Point.

“While the types of threats and level of concern companies have may
vary across regions, the good news is that security awareness is
rising,” Ponemon said.

Of the security participants surveyed, various industries were
represented, but financial services, retail, health and
pharmaceuticals, and the public sector contributed half of the
results.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.