Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Study says cost of cybercrime rose 6 percent in 2012

Study shows an annualized average loss of $8.9 million

There was a time when the enterprise might ensure its safety from electronic risks using a basic anti-virus program and the vigilant eyes of an IT intern. But in a world of constant cyber-risk, those days are long gone, and the need for specialists and investment is increasing.

A recent study sponsored by HP and conducted by the Ponemon institute showed that cybercrime damages are a multi-million dollar threat to enterprises and it can require considerable investment to reduce their risk.

According to the study, “average annualized cost of cybercrime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.”  The cost was calculated by adding the amount of money that was invested to reduce the risk of attacks to the actual amounts of income these risks jeopardize. The results of the study also stated that the frequency of attacks had marginally increased, with roughly 1.8 successful attacks per week.

Large enterprises were most typically attacked by complicated denial-of-service and Web-based attacks and by malicious insiders facilitating or conducting damage for monetary gain.

And while that old anti-virus software likely won’t be of use to enterprises, the study showed that smaller companies were more likely to be subject to basic attacks that could be caught and mitigated through relatively inexpensive means. Attacks like viruses and trojans, which rely on a user actively downloading them, were common in smaller companies, as were password phising attempts, malware, and good-old fashioned device thievery. 

The study recommended that, while the investment can be expensive, enterprises seek out technologies designed to monitor and predict attacks to prevent the loss of critical IP and damage to infrastructure that facilitates business.

Executive Editor

author image

Chris DiMarco

Chris DiMarco, Executive Editor of InsideCounsel magazine, has a background in multimedia production with previous involvement in projects in which he developed and created content...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.