The cost of cybercrime has risen 62% over the past five years, costing each organization some $11.7 million per year, according to a joint report from Accenture and the Ponemon Institute report released Tuesday.
The Cost of Cyber Crime Study, announced in a joint press release, was built on the survey results of some 2,182 security and IT professionals in 254 organizations globally. According to the release, the cost of cybercrime in 2016 was $9.5 million, meaning it has jumped 23% over the past year alone.
Malware takes the title for the most expensive attack per individual incident. Each malware infection that happens costs the victim $2.4 million, on average, the release said.
Despite the costs associated with cybercrime, loss of information was the most damaging result of an attack, the release said. Some 43% of respondents listed it was the biggest burden in the wake of an attack.
“The foundation of a strong and effective security program is to identify and ‘harden’ the most-high value assets,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in the release. “While steady progress has been made in improving cyber defense, a better understanding of the cost of cyber crime could help businesses bridge the gap between their own vulnerabilities and the escalating creativity – and numbers – of threat actors.”
Another interesting point from the report was the sheer number of breach a company experienced on average. In the release, the firms noted that a company will suffer 130 breaches per year, on average, marking a 27.4% increase from last year. “Breaches are defined as core network or enterprise system infiltrations,” the release said.
The two sectors with the highest average cost of attacks were the financial services and energy sectors. Attacks on financial sector cost an average of $18.28 million per year, while attacks on the energy sector cost $17.20 million.
It’s also taking longer for businesses to fix the issues caused by cyberattacks, the release said. For example, incidents that involve malicious insiders take 50 days to mitigate, on average, the release said. Ransomware attacks take 23 days.
“Keeping pace with these more sophisticated and highly motivated attacks demands that organizations adopt a dynamic, nimble security strategy that builds resilience from the inside out – versus only focusing on the perimeter – with an industry-specific approach that protects the entire value chain, end-to-end,” Kelly Bissell, managing director of Accenture Security, said in the release.