Study also finds sharp rise in frequency and cost of ransomware attacks
NEW YORK–(BUSINESS WIRE)–The cost to companies from malware and “malicious insider”-related
cyberattacks jumped 12 percent in 2018 and accounted for one-third of
all cyberattack costs, according to new research published today by
Accenture (NYSE: ACN) and the Ponemon Institute.
Based on interviews with more than 2,600 security and information
technology (IT) professionals at 355 organizations worldwide,
Accenture’s 2019 “Cost
of Cybercrime Study” found that the cost to companies due to
malware increased 11 percent, to more than US$2.6 million per company,
on average, and the cost due to malicious insiders — defined as
employees, temporary staff, contractors and business partners — jumped
15 percent, to US$1.6 million per organization, on average.
Together these two types of cyberattacks accounted for one-third of the
total US$13.0 million cost to companies, on average, from cybercrime in
2018, an increase of US$1.3 million in the past year. Similarly, the
cost to companies from phishing and from social engineering increased to
US$1.4 million per organization, on average.
The study calculated cybercrime costs as what an organization spends to
discover, investigate, contain and recover from cyberattacks over a
four-consecutive-week period, as well as expenditures that result in
after-the-fact activities — i.e., incident-response activities designed
to prevent similar attacks — and efforts to reduce business disruption
and the loss of customers.
“From people to data to technologies, every aspect of a business invites
risk and too often security teams are not closely involved with securing
new innovations,” said Kelly Bissell, senior managing director of
Accenture Security. “This siloed approach is bad for business and can
result in poor accountability across the organization, as well as a
sense that security isn’t everyone’s responsibility. Our study makes it
clear that it’s time for a more holistic, proactive and preventative
approach to cyber risk management involving full business engagement
across the entire ecosystem of partners.”
Other notable findings of the study include:
In 2018, surveyed companies each recorded an average of 145
cyberattacks — resulting in the infiltration of a company’s core
networks or enterprise systems — an 11 percent increase over 2017 and
67 percent higher than five years ago.
Malware is the most expensive type of attack, costing companies
US$2.6 million, on average, followed by web-based attacks, at
The number of organizations experiencing ransomware attacks increased
by 15 percent in 2018, with the costs increasing 21 percent, to
approximately US$650,000 per company, on average. The number of
ransomware attacks more than tripled in the past two years.
Six in seven companies (85 percent) experienced phishing and social
engineering cyberattacks in 2018 — a 16 percent increase over 2017 —
and three-quarters (76 percent) suffered web-based attacks.
Automation, orchestration and machine-learning technologies were
deployed by only 28 percent of organizations — the lowest of the
technologies surveyed — yet provided the second-highest cost savings
for security technologies overall, at US$2.9 million.
Companies in the United States experienced the greatest increase in
costs due to cybercrime in 2018, at 29 percent, with a cost of
US$27.4 million per company, on average — at least double that of
companies in any other country surveyed. Japan was the next highest, at
US$13.6 million, followed by Germany, at US$13.1 million, and the U.K.,
at US$11.5 million. The countries with the lowest total average costs
per company were Brazil and Australia, at US$7.2 million and
US$6.8 million, respectively.
“Increased awareness of people-based threats and adopting breakthrough
security technologies are the best way to protect against the range of
cyber risks,” said Dr. Larry Ponemon, chairman and founder of the
Ponemon Institute. “Our report not only illustrates our joint commitment
with Accenture to keep security professionals informed about the nature
and extent of cyberattacks, but also offers practical advice for
companies to improve cybersecurity efforts going forward.”
For more information on security investments that can help organizations
effectively deal with cyber risks, visit: https://www.accenture.com/us-en/insights/security/cost-cybercrime-study.
The study, conducted by the Ponemon
Institute on behalf of Accenture, analyzes a variety of costs
associated with cyberattacks to IT infrastructure, economic cyber
espionage, business disruption, ex-filtration of intellectual property
and revenue losses. Data was collected from 2,647 interviews conducted
over a seven-month period from a benchmark sample of 355 organizations
in 11 countries: Australia, Brazil, Canada, France, Germany, Italy
Japan, Singapore, Spain, the United Kingdom and the United States. The
study represents the annualized cost of all cybercrime events and
exploits experienced over a one-year period from 2017 to 2018. These
include costs to detect, recover, investigate and manage the incident
response. Also covered are costs that result in after-the-fact
activities and efforts to contain additional expenses from business
disruption and the loss of customers.
Accenture is a leading global professional services company, providing a
broad range of services and solutions in strategy, consulting, digital,
technology and operations. Combining unmatched experience and
specialized skills across more than 40 industries and all business
functions — underpinned by the world’s largest delivery network
Accenture works at the intersection of business and technology to help
clients improve their performance and create sustainable value for their
stakeholders. With 469,000 people serving clients in more than 120
countries, Accenture drives innovation to improve the way the world
works and lives. Visit us at www.accenture.com.
Accenture Security helps organizations build resilience from the inside
out, so they can confidently focus on innovation and growth. Leveraging
its global network of cybersecurity labs, deep industry understanding
across client value chains and services that span the security
lifecycle, Accenture protects organizations’ valuable assets,
end-to-end. With services that include strategy and risk management,
cyber defense, digital identity, application security and managed
security, Accenture enables businesses around the world to defend
against known sophisticated threats, and the unknown. Follow us
@AccentureSecure on Twitter or visit us at www.accenture.com/security.
This document makes descriptive reference to trademarks that may be
owned by others. The use of such trademarks herein is not an assertion
of ownership of such trademarks by Accenture and is not intended to
represent or imply the existence of an association between Accenture and
the lawful owners of such trademarks.
Copyright © 2019 Accenture. All rights reserved. Accenture, its logo,
and High Performance Delivered are trademarks of Accenture.
+1 703 947 4404