Cybercrime now costs the global economy over $1 trillion, according to a report from McAfee. McAfee, a computer software company, wanted to look at the losses from cybercrime differently. It joined with the Center for Strategic and International Studies (CSIS) to investigate the cost of cybercrime to the US and world economy.
The research aggregates the responses of 1500 IT decision-makers interviewed at firms in the following countries: France (200), Australia (200), Japan (200), Canada (200), Germany (200), the UK (200), and the US (300).
The number the report revealed has captured the attention of IT organizations. The cost of cybercrime in 2020 nearly doubled over the previous two years. The 2018 report stated that cybercrime was draining $600 billion from the world economy.
Scary, isn’t it? In this digital world, cybercrimes are becoming more complex than ever before.
Cybercrimes Become More Dangerous
The researchers noticed a surge across a range of cyberattacks, including phishing, ransomware, email takeovers, cryptocurrency theft, and spyware. They also found that it takes about 19 hours for most companies to remediate a discovered security incident. This generally involves restoring services, removing the threat, and recovering lost data. Businesses also involve an average of eight people in identifying and responding to a security incident.
The main reason for the rising cost of addressing security incidents is that cyberattacks are moving away from straightforward malware-based attacks, in which the attack is confined to the device where it was executed. In that case, quarantining the infected machine is enough to stop the spread. However, this is no longer the case with today’s more sophisticated attacks.
McAfee officials found a more dangerous kind of attack, in which the attacker gets the chance to spend more time in the victim’s environment and move around freely. As a result, the attacker can infect multiple systems and steal more data.
The most common attack they observed was credential theft, which combines both human and machine capabilities to execute an incident and leaves the organization unaware of the scope of the breach. Remediating such an attack successfully demands a more expensive and in-depth investigation: when a human is involved in the attack, no one can predict how far that person will go, so companies need to look at all the possibilities within their organization.
The increase in remote working due to the COVID-19 pandemic has also been a major change. As companies rely on cloud technology and online services, attackers have a much bigger attack surface to work with than in the traditional business environment.
Cybercrime Costs Business Beyond Financial Costs
The McAfee report further uncovered the hidden costs and lasting damage that cyber incidents can inflict on an enterprise. The cost of cybercrime accounts for at least 75% of losses in financial and intellectual property. Beyond that, 92% of participants reported negative impacts, which can also include:
- System Downtime – Around two-thirds of organizations faced system outages due to security incidents. The average cost of system downtime was a whopping $762,231 in 2019. 33% of surveyed respondents claimed that downtime resulting from cybersecurity incidents cost them between $100,000 and $500,000.
- Reduced Efficiency – Reduced efficiency is another important organizational loss. The report found that businesses lose up to 19 hours because of an outage. On average, 9 working hours per week are lost to reduced efficiency.
- Incident Response Costs – On average, most organizations take 19 hours to move from detection of a threat or compromise to remediation. Most sophisticated attacks require assistance from external security service providers, who charge high rates. Each minute the firm wastes on these activities increases the cost that it might spend addressing actual threats.
- Brand and Reputation Damage – Security incidents can be costly, resulting in a regulatory fine. Moreover, the warning that gets the attention of the CEO or CFO on cybersecurity is “this is losing money.” On closer inspection of this report, it could be argued that brand and reputation damage can have a great impact. 26% of organizations faced long-term damage to their company reputation because they had failed to defend against system downtime.
Yet Companies Remained Unprepared
Organizations and security executives know about security risks. Are they prepared for all its dimensions?
Another worrisome finding from this survey is that 56% of surveyed organizations said they don’t have a plan to prevent and respond to a security incident. Further, out of the 951 firms that had a response plan, only 32% are confident about it.
Though worldwide spending on security products has enjoyed solid growth in recent years, there are still many firms that don’t even have an in-house security team or an external managed service provider to help oversee what is happening inside their systems, or at least to handle adequate maintenance of their devices.
An Ounce of Prevention – How Does It Result in Cost-Saving?
Quick detection and mitigation of a security breach can reduce the associated cost, but effective prevention is far more cost-effective. Organizations that can prevent breaches avoid not only the direct costs associated with mitigation, but also the hidden costs.
The Ponemon Institute finds that a firm that effectively prevents cyberattack penetration can save up to $1.4 million, depending on the type of incident.
For example, the study revealed that around 82% of expenses went towards attack detection, containment, recovery as well as prevention. As such, if that security incident had been prevented with effective strategies, the total spent could have been saved.
The table highlights the key finding from the report:
Data Source: Ponemon
The effective adoption of a security prevention solution would result in substantial cost reduction while requiring lower overall investment.
What Can Companies Do?
Here are the cybersecurity best practices for management, operational, and technical controls:
- Classify and encrypt data through SSL encryption and protect sensitive data from unauthorized access
- Enforce a multi-layered, defense-in-depth architecture based on extensive compliance, governance, and privacy programs to protect your mission-critical information from being accessed by intruders
- Create an effective incident response plan, hire an incident response team, and consistently perform vulnerability scans to make improvements
- Invest in technology like cloud-based web application firewalls (WAF) to protect your web applications in the cloud and reduce your incident response cost and time
- Respond to threats more efficiently with virtual patching
Do you have all these basic security needs sorted? If not, we are here to assist you. At Indusface, we are committed to helping businesses avoid the damaging effects of a security breach. We help you to:
- Detect and protect your assets
- Identify security loopholes
- Address incidents more effectively
- Respond effectively and get back to business in no time
We offer a comprehensive, cloud-based product, Indusface’s AppTrana, which touches on all factors of threat detection as well as recovery.
Follow all of these cybersecurity prevention best practices, and you will feel prepared!