Cyber crimes more common and more costly, study finds

The median cost of cyber crimes rose to $5.9 million, up from $3.8 million in 2010, while the number of attacks rose by 44 percent, with at least one large U.S. company a week falling victim, according to a study released Tuesday by the Ponemon Institute, a research group that studies Internet security. Costs to targeted businesses include spending on security experts and investigations, loss of productivity, system software upgrades and the value of stolen intellectual property.

"The fact that costs have increased so substantially suggests that cyber crime issues are getting worse," said Larry Ponemon, chairman of the institute, which looked at 50 large companies in the U.S.

The study found the most expensive cyber crimes to be denial of service, Web-based attacks, malicious code and malicious insiders. The study found attacks are taking longer to resolve on average, 18 days, up from 14 last year, and are costing more as well, more than $415,000 per attack, up from more than $247,000 in 2010.

"The bad guys are getting stealthier, and their attacks are getting harder to detect," Ponemon said.

"We believe a better understanding of the cost of cyber crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack," the study said.

Cyber attacks have been occurring at a record pace in 2011 with the likes of the FBI, the CIA, NATO, News Corp. and Citigroup Inc. among their victims. The study found three companies that spent more than $29 million to resolve cyber attacks, and a large attack on Sony this year is expected to cost the company more than $170 million. Last month, the institute reported that cyber crimes in the first half of this year cost U.S. companies nearly as much as they did in all of 2010.

(c) 2011, Los Angeles Times.
Distributed by McClatchy-Tribune Information Services.