The cost of malware and malicious insider cyberattacks grew 12% in 2018 compared to the previous year, according to a report by Accenture and the Ponemon Institute. The two types of exploits now constitute one-third of company cybersecurity costs, the “Cost of Cybercrime Study” says.
The report found that malware and malicious insider attacks jumped 11% and 15%, respectively. The former now costs U.S. companies an average of $2.6 million annually and the latter $1.6 million. The combined totals equate to one-third of the $13 million average cybersecurity costs to companies, which is $1.3 million more than in 2017. The cost of phishing and social engineering attacks increased to $1.4 million on average.
The report was based on input from more than 2,600 security and IT professionals at 355 organizations around the world. Other findings include:
- In 2018, surveyed companies each recorded an average of 145 cyberattacks — resulting in the infiltration of a company’s core networks or enterprise systems — an 11 percent increase over 2017 and 67 percent higher than five years ago.
- Malware is the most expensive type of attack, costing companies US$2.6 million, on average, followed by web-based attacks, at US$2.3 million.
- The number of organizations experiencing ransomware attacks increased by 15 percent in 2018, with the costs increasing 21 percent, to approximately US$650,000 per company, on average. The number of ransomware attacks more than tripled in the past two years.
- Six in seven companies (85 percent) experienced phishing and social engineering cyberattacks in 2018 — a 16 percent increase over 2017 — and three-quarters (76 percent) suffered web-based attacks.
- Automation, orchestration and machine-learning technologies were deployed by only 28 percent of organizations — the lowest of the technologies surveyed — yet provided the second-highest cost savings for security technologies overall, at US$2.9 million.
Security threats indeed are growing. In December, Nokia’s Threat Intelligence Report 2019 said that IoT botnet activity accounted for 78% of malware detection in events for CSPs in 2018, a huge increase from the 33% figure in 2016.