More than $5 trillion in total economic value worldwide is at risk from cyber crime over the next five years, according to a new report on the price of security breaches.
The key to unlocking economic value is to improve cybersecurity protection, keep damage to a minimum and prevent future attacks, the report said. “Few organizations would resist the chance to reduce their overall cost of cyber crime. What if they could also open up new revenue opportunities at the same time?” the authors ask.
The report draws on a survey of some 2,650 senior-level executives at 355 companies, covering 16 industries across 11 countries. It projects the economic value at risk from future cyber attacks in the next five years, concluding that with a spike in incidents and a rise in the time to resolve the damages brings with it higher costs of cyber crime. For example:
- Organizations can expect 145 cyber security breaches this year, up from 130 in 2017, increasing by 11 percent since last year and 67 percent in the last five years.
- The total cost of cyber crime for companies increased from $11.7 million in 2017 to a new high of $13.0 million—a rise of 12 percent in the last year and 72 percent in the last five years, the report said.
- The U.S. tops the list with the average annual cost of cyber crime increasing by 29 percent in 2018 to reach $27.4 million. The U.K. posted the highest increase of 31 percent to $11.5 million, closely followed by Japan, with an increase of 30 percent to $13.6 million on average for each organization.
- Ill-advised security investments may risk economic value. According to the report, the information technology sector has some $753 billion at risk in the next five years, followed by life sciences at $642 billion and $505 billion for the automotive industry.
- Malware is the most expensive attack type for organizations. The cost of malware attacks has increased by 11 percent over the year and the cost of malicious insider attacks has risen by 15 percent.
The report offers three steps for organizations to lower the costs of cyber crime by prioritizing technologies that improve cybersecurity protection:
- Emphasize protecting people-based attacks: Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks as well as malicious insiders.
- Invest to limit information loss and business disruption: Already the most expensive consequence of cyber attacks, this is a growing concern with new privacy regulations such as the General Data Protection Regulation and the California Consumer Privacy Act.
- Target technologies that reduce rising costs: Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.
“The scale and scope of cyber crime is far from waning,” the report said. “Indeed, as digital technologies introduce new vulnerabilities faster than they can be secured, the prospect of beating cyber attackers at their own game diminishes. Even so, by understanding the pattern of evolution in the cyber landscape and adopting an intelligence-based approach, security leaders can invest in the right areas to be ready.”
In addition to its IT consulting services, Accenture is a Top 100 MSSP.