Dive Brief:
- Cybercrimes increased 62% in the last five years, and global malware attacks were the most expensive, costing companies up to $2.4 million per attack, according to the 2017 Accenture cybercrime cost report. The report surveyed almost 2,200 security and IT professionals in 254 international companies.
- Cybercrimes cost businesses about $11.7 million per year, a 23% increase over 2016's $9.5 million. Security breaches increased 27% to 130 incidents annually. Ransomware attacks doubled in frequency, and an average of 23 days was dedicated to resolving each attack.
- U.S. companies paid the highest cybercrime cost at about $21.22 million. The financial industry was hit the hardest, followed by the utility and energy, defense and technology industries, according to the report.
Dive Insight:
Cybersecurity made a huge impact in 2017. After back-to-back cyberattacks occurred earlier this year, many companies were forced to restructure security strategies. May's WannaCry malware attack infiltrated networks through an outdated software vulnerability, highlighting the need for more vigilant software updates and maintenance.
Nyetya struck soon after WannaCry, and although it was disguised as ransomware, Nyetya was a wiper that destroyed data even after a ransom was paid. Shipping giant Maersk's global operations were temporarily dismantled by the attack, and FedEx lost $300 million in operating income.
Lost information accounts for most costs companies face following a cybercrime or data breach, and additional legal costs are also common. Equifax is facing numerous legal and financial ramifications following its data breach affecting 143 million U.S. consumers.
Savvy hackers are taking advantage of an understaffed security workforce and using trusted applications as an entry point into company networks. A lack of proper companywide security practices often results in phishing schemes and fake CEO emails — which cost companies about $5.3 million in the last three years.
It's up to companies to remain vigilant on cybersecurity efforts in infrastructure and software surveillance and maintenance. Federal agencies also need to reexamine patchwork efforts and potential gains hackers can receive from network intrusion.