New research conducted by The Ponemon Institute finds that the cost and frequency of cyber-crime has continued to rise consecutively over the last three years, with no signs of slowing down.

The 2012 Cost of Cyber Crime Study conducted by The Ponemon Institute revealed a 42 percent increase in the number of cyber-attacks. Companies experienced an average of 102 successful attacks per week in 2012 compared to 72 attacks per week in 2011, and 50 attacks per week in 2010. 

The study further found that the average annual cost to U.S. companies due to cyber-attacks in 2012 increased to $8.9 million—a six percent increase over the average cost of $8.4 million in 2011, and a 38 percent increase over 2010.

“Organizations are spending increasing amounts of time, money and energy responding to cyber-attacks at levels that will soon become unsustainable,” said Michael Callahan, vice president of worldwide product and solution marketing, enterprise security products for HP.

The most costly cyber-crimes continue to be those caused by malicious code, denial of service, stolen or hijacked devices, and malevolent insiders. When combined, these account for more than 78 percent of annual cyber-crime costs per organization, according to the study.

Information theft and business disruption continue to represent the highest external costs. On an annual basis, information theft accounts for 44 percent of total external costs—a four percent increase from 2011. Disruption to business or lost productivity accounted for 30 percent of external costs, a percent increase from last year.

The most costly internal activities associated with cyber-crime are recovery and detection. On an annual basis, these activities account for almost half of the total internal cost, with operating expenses and labor representing the majority of the total.

Cyber-attacks can prove much costlier if not resolved quickly. In 2012, the average cost incurred during a typical 24-day period to resolve a cyber-attack was $591,780—a 42 percent increase over 2011 estimated average cost of $415,748 during an 18-day average resolution period.

Larry Ponemon, chairman and founder of the Ponemon Institute, said the purpose of the benchmark study is to quantify the economic effect of cyber-attacks and to observe cost trends over time. “We believe a better understanding of the cost of cyber-crime will assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack,” he said.

The deployment of advanced security intelligence solutions “helps to substantially reduce the cost, frequency and impact of these attacks,” said Callahan.

Companies that deployed security information and event management (SIEM) solutions realized a cost savings of nearly $1.6 million per year. As a result, these organizations experienced a substantially lower cost of recovery, detection and containment than organizations that had not deployed SIEM solutions.