1、NINTH ANNUAL COST OF CYBERCRIME STUDY UNLOCKING THE VALUE OF IMPROVED CYBERSECURITY PROTECTION Independently conducted by Ponemon Institute LLC and jointly developed by Accenture THE �����COST OF CYBERCRIME CONTEN�����TS Foreword 4 The Cybercrime Evolution 6 Nation-state, Supply Chain and Information Threats
2、6 New Risks from Innovation and Growth 8 Humans Are Still the Weakest Link 9 Benchmarking Cybersecurity Investment 10 M������ore Attacks and Higher Costs 10 The Value at Risk from Cybercrime 14 Assessing Levels of Investment 15 Improving Cybersecurity Protection 17 Every Type of Attack Is More Expensive 1
3、7 The Impact of Cyberattacks Is Rising 18 Targeted Investments Tackle Cy�����bercrime 21 Security Technologies Can Make a Difference 24 Unlocking Cybersecurity Value 27 Three Steps to Unlock Cybersecurity Value 27 About the Research 30 Frequen�������tly Asked Questions 30 Framework 32 Benchmarking 36 Sample 38
4、Limitations 41 Contact Us 4�����4 The ninth annual cost of cybercrime study helps to quantify the economic cost of������� cyberattacks by analyzing trends in malicious activities over time. By better understanding the impact associated with cybercrime, organizations can determine the right amount of investment
5、in cybersecurity. Looking back at the costs of cybercrime to date is helpfulbut looking forward, so that business leaders know������� how to best target their funds and resources, is even more beneficial. This report does just that. By unde�������rstanding where they can achieve value in their cybersecurity effor
6、ts, business leaders can minimize the consequencesand even prevent future attacks. OUR STU�������DY HELPS ORGANIZATIONS TO ADDRESS ONE OF SECURITYS BURNING PLATFORMS. WE REVEAL HOW IMPROVING CYBERSECURITY PROTECTION CAN REDUCE TH������E COST OF CYBERCRIME AND OPEN UP NEW REVENUE OPPORTUNITIES TO UNLOCK ECONOMIC
7、VALUE. FOREWORD Kelly Bissell Global Managing Director������ Accenture Security Larry Ponemon Chairman and Founder Ponemon Institute researchp������onemon.org We are delighted to share with you this ninth edition of the Cost of Cybercrime study. Our extensive research includes in-depth interviews from more than
8、 2,600 senior security professionals at 355 organizations. Inside, you will find insights that are relevant to security professionals and business leaders to help us all better protect our organizatio������ns. We believe these findings, together with our experience and recommendations, can help executives
9、 to innovate safely and grow with confidence. As industries evolve and disrupt the current environment��������, threats are dramatically expanding while becoming more complex. This requir��������es more security innovation to protect company ecosystems. The subsequent cost to our organizations and economies is subs
10、tantial and growing. My team and I are always on hand to discuss what the latest trends mean to your business. Read on to find out what it is taking to protect �����your organization today and how you can convert your cybersecurity strategy to achieve greater value for tomorrow. Once again, the Ponemon I
11、nstitute is delighted to work with Accenture Security on this comprehensive Cost of Cybercrime Study. From a relatively modest s������tart, we have now grown the scope of our research ������to include 11 countries and 16 industry sectors. We have extended our research timeline, too. This year, we have collabora
12、ted with Accenture to model the f������inancial impact of cybercrime across these industries over the next five yearsto get a better understanding of how cybersecurity strategies can make a difference in the future. We feel sure that this report will be a useful guide as you attempt to navigate the cyber
13、threatscape. We know that our work is being actively used today by prestigiou������s organizations, such as the World Economic Forum and the United States Government, to help shape defenses. The Ponemon Institute is proud to team �������with Accenture to produce these research findings. We believe this report no
14、t only illustrate�����s our joint commitment to keeping you informed about������ the nature and extent of cyberattacks, but also offers you practical advice to improve your cybersecurity efforts going forward. FEW ORGANIZATIONS TO REDUCE THEIR OVERALL COST OF CYBERCRIME. WHAT IF THEY COULD ALSO OPEN UP NEW REV
15、ENUE OPPORTUNITIES AT THE SAME TIME? Our Cost of Cybercrime study, now in its ninth year, offer�������s that enticing prospect. In this report we show how better protection from people-based attacks, placing a priority on limiting information loss, and adopting breakthrough security technologies can help t
16、o make a difference. 4 NINTH ANNUAL COST OF CYBERCRIME STUDY THE CYBERCRIME EVOLUTION The Cost of Cybercrime study combines research across 11 countries in 16 industries. We interviewed 2,647 seni������or leaders from 355 companies and drew on the experience and expertise of Accenture Security to examine
17、the economic impact of cyberattacks. In an ever-changing digital landscape, it is vital to keep pace with the trends in cyber threats�������. We found that cyberattacks are changing due to: Evolving targe���ts: Information theft is the most expensive and fastest rising consequence of cybercrimebut data is not
18、 the only ������target. Core systems, such as industrial control systems, are being hacked in a powerful move to disrupt and destroy.1 Evolving impact: While data remains a target, theft is not always the outcome. A new wave of cyberattacks sees data no longer simply being copied but being destroyedor cha
19、ngedwhich breeds distrust. Attacking data integrity is the next frontier.2 Evolving techniques: Cybercriminals are adapting their attack methods. They are us�����ing the human layerthe weakest linkas a path to attacks, through increased phishing and malicious insiders.3 Other techniques, such as those em
20、ployed by nation-state attacks to target commercial businesses, are changing the nature of recovery, with insurance companies trying to classify cyberattacks as an “ac��������t of war” issue.4 Lets take a closer look at the challenges we face as cybercrime evolves: NATION-STATE, SUPPLY CHAIN, AND INFORMATIO
21、N THREATS Organizations of all sizes, geographic locations and industries globally have been plagued by the financial, reputational and������ regulatory consequences of cyb������ercrime. In the last year, we saw a significant rise in economic espionage, such as the theft of high-value intellectual property by n
22、ation-states. Exten������ded supply chain threats are also challenging organizations broader business ecosystem. Cyberattackers have slowly shifted their attack patterns to exploit third- and fourth-party supply chain partner environments to gain entry to target systemsincluding industries with mature cyb
23、ersecurity standards, frameworks, and regulations. New regulations aim to h��������old organizations and their executives more accountable in the protection of information assets and IT infrastructure. The General Data Protection Regulation (GDPR) came into force on May 25, 2018 with potential fines up to U
24、S$23 million (20 million) or four percent of annual global revenues. The French data regulator (CNIL) �����issued the largest GDPR fine so farUS$57 million (50 million). Similar Information theft is the most expensive and fastest rising consequence of cybercrime. 1. The Journey to Sustainable NERC CIP Co
25、mpliance, Accenture. 2. Technology Vision 2019, Accenture. 3. Securing the digital economy, Accenture. 4. Cyber Threatscape Report 2018, Midyear Cybersecuri������ty Review, Accenture. 6 NINTH ANNUAL COST OF CYBERCRIME STUDYNINTH ANNUAL COST OF CYBERCRIME STUDY 7 THE CYBERCRIME EVOLUTION regulations, such
26、as the California Consumer Privacy Act (CCPA), impose smaller fines (US$7,500���� per violation) but highlight the increasing regulatory risks for businesses globally. NEW RISKS FROM INNOVATION AND GROWTH According to the Accenture report “Securing the Digital Economy,”5 businesses have never been more
27、dependent on the digital economy and the Internet for growth. Fewer than one in four companies relied on the Internet for their business operations 10 years ago; now, it is 100 percent. A trustworthy digital economy is critical to their organizations future growth according to 90 percent of ���business
28、 leade�����rsbut the drive for digital innovation ������is introducing new risks. While Internet dependency and the digital economy are flourishing, 68 percent of business leaders said their cybersecurity risks are also increasing. Almost 80 percent of organizations are introducing digitally fueled innovation
29、faster than their ability to secure it against cyberattackers. No wonder, then, that cyberattacks and data fraud or theft are now two of the top five����� risks CEOs are most likely to face according to the latest World Economic Forum report on global risks.6 HUMANS ARE STILL THE WEAKEST LINK Whether by
30、accident or intent, many employees are often the root cause of successful cyberattacks. Executives polled in the Accentur�������e 2018 State of Cyber Resilience survey identified the accidental publication of confidential information by employees and insider attacks as having the greatest impact, second on
31、ly to����� hacker attacks in successfully breaching their organizations.7 Today, the security function is la������rgely centralized and its staff are rarely included when new products, services, and processesall of which involve some sort of cyber riskare being developed. Such a siloed approach can result in a
32、 lack of accountability across the organization and a sense that security is not everyones responsibility. Only 16 percent of CISOs said employees in their organizations are held accountable for cybersecurity today. Providing ongoing training and skill reinforcementfor inst�������ance, with phishing testsi
33、�������s essential, alongside training and education. Employees need the tools and incentives to help them to define an�����d address risks. New work arrangementsgreater use of contractors and remote workmake the need for employee training more urgent. Even so, training employees to think and act with security
34、in mind is the most underfunded activity in cybersecur�������ity budgets.8 To embed cybersecurity into the fabric of the organization and be effective against any insider threats, organizations must bring together human resources, learning and development, legal and IT teams to work closely with the securi
35、ty office and business units. Training employees to think and act with security in mind is the most underfunded activity in cybersecurity budgets. 5. Securing the digital economy, Accenture. 6. WEF Global Risks Report 2019. http:/www3.weforum.org/docs/WEF_Gl������obal_Risks_Report_2019.pdf 7. 2018 State o
36、f Cyber Resilience, Accenture. 8. Security Awareness Training Explosion, Cybersecurity Ventures, February 6, 2017. 8 NINTH ANNUAL COST OF CYBERCRIME STUDYNINTH ANNUAL COST OF CYBERCRIME STUDY 9 BEN�������CHMARKING CYBERSECURITY INVESTMENT In the backdrop of this challenging environment, our research reveal
37、s that cybercrime is increasing in size and complexity. Based on the trends������ identified in previous publications, this may not come as a surprise. However, this year our report offers an additional perspectivea forward looking projection of the economic value at risk from future cyberattacks in the n
38、ext five years. MORE ATTACKS AND HIGHER COSTS As the number of cyberattacks increase, and take more time to resolve, the cost of cybercrime continue�����s to rise. In the last year, we have observed many stealthy, sophisticated and targeted cyberattacks against public and private sector organizati�������ons. Co
39、mbined with the expanding threat���� landscape, organizations are seeing a steady rise i������n the number of security breachesfrom 130 in 2017 to 145 this year (see Figure 1). For purposes of this study, we define cyberattacks as malicious activity conducted against the organization through the IT infrastruc
40、ture via the internal or external networks, or the Internet. Cyberattacks also include att������acks against industrial control systems (ICS��������). A security breach is one that results in the infiltration of a companys core networks or enterprise systems. It does not include the plethora of attacks stopped by
41、 a companys firewall defenses. The impact of these cyberattacks to organizations, industries and society is substantial. Alongside the grow������ing����� number of security breaches, the total cost of cybercrime for each company increased from US$11.7 million in 2017 to a new high of US$13.0 milliona rise of 1
42、2 percent (see Figure 2). Our����� detailed analysis shows that Banking and Utilities industries������� continue to have the highest cost of cybercrime across our sample with an increase of 11 percent and 16 percent respectively. The Energy sector remained fairly flat over the year with a small increase of four
43、 percent, but the Health industry experienced a slight drop in cybercrime costs of eight percent����� (see Figure 3). +11% =67% Increase in the last year Increase i�������n the last 5 years FIGURE 1 The increase in security breaches 130 145 Average number of security breaches in 2017 Average number of security
44、breaches in 2018 +12% =72% Increase in the last year Increase in the last 5 years FIGURE 2 The increase in the annual cost of cybercrime $11.7 m $13.0m Average ������cost of cybercrime in 2017 Av����erage cost of cybercrime in 2018 10 NINTH ANNUAL COST OF CYBERCRIME STUDYNINTH ANNUAL COST OF CYBERCRIME STUDY
45、11 BENCHMARKING CYBERSECURITY INVESTMENT FIGURE 3 The ave�������rage annual cost of cybercrime by industry F������IGURE 4 The average annual cost of cybercrime by country Our country analysis included Brazil, Canada, Singapore and Spain for the first time. For the other countries, the United States continues to
46、top the list with the average annual cost of cybercrime increasing by 29 percent in 2018 to reach �����US$27.4 million. But the highest increase of 31 percent was experienced by organizations in the United Kingdom which grew to US$11.5 million, closely followed by Japan which increased by 30 percent in 2
47、018 to reach US$13.6 million on average for each organization. The increase in Germany was conside�������rably lower than 2017. German companies made significant technology investments in 2017possibly driven by preparati������ons for the introduction of GDPRthus driving costs up at a higher rate than all other c
48、ountries. This has now reverted to more historical levels of investment (see Figure 4). Our analysis of almost 1,000 cyberattacks highlighted malware as the most frequent attacks overall and, in many count�����ries, the most expensive to resolve. People-based attacks show some of the largest increases ov
49、er the year. The number of organizations experiencing ransomware attacks increased by 15 percent over one year and have more than tripled in frequency over two years. Phishing and social engineering attacks are now experienced by 85 perc������ent of organizations, an increase of 16 percent over one yearwhich is a concern when people continue to be a weak link in cybersecurity defense. 842 Utilities Banking Software Automotive Insurance High tech Capital markets Energy US Federal Consumer goods
sgpjbg002
工作日 8:30 - 17:30
会员动态:
报告分类
新质生产力
ChatGPT
新能源汽车
大模型
Sora
机器人
微短剧
芯片
薪酬
白皮书
低空经济
数据要素
创新药
人工智能
AI产业
信息科技
互联网
消费经济
汽车交通
电商零售
传媒娱乐
医药健康
投资金融
能源环境
地产建筑
传统产业
英文报告
其它
扫码登录
手机快捷登录
账号登录
