Cyber crime cost Canadian companies more than $12M in 2018
Study finds malware and people-based attacks most common cyber attacks.
TORONTO — Malware and people-based cyber attacks, such as phishing and social engineering, cost Canadian companies an average of $12.12 million in 2018, according to new research by Accenture and the Ponemon Institute.
Accenture’s 2019 “Cost of Cyber Crime Study” is based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organizations worldwide, including 179 senior leaders from 25 companies in Canada.
Globally, the average cost of malware attacks increased 11%, to more than $3.5 million per company, and the cost due to malicious insiders — employees, temporary staff, contractors and business partners — jumped 15%, to $2.2 million per organization.
These two types of cyber attacks accounted for one-third of the total $17.5million cost to companies in 2018, an increase of $1.8 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to $1.9 million per organization.
Cyber crime costs are based on what a company spends to discover, investigate, contain and recover from cyber attacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities. These include incident-response designed to prevent similar attacks, and efforts to reduce business disruption and the loss of customers.
“As business innovation propels forward, so too does the expanding threat landscape, leading to an increase in cyber attacks,” says Ahmed Etman, managing director of security at Accenture Canada, a professional services company with offices across Canada. “Canadian organizations must prioritize protecting people, take a data-centric approach to security to limit information loss and business disruption, and implement AI technology and analytics to reduce the rising cost of attacks.”
Here are some Canadian findings:
• 25 surveyed companies recorded an average of 75 cyber attacks, which translates to almost 1.5 attacks per week.
• The cost of business disruption was almost $4 million, and $5.4 million in information loss.
• 81% of business leaders say new business models introduce technology vulnerabilities faster than they can be secured.
• Malicious insiders and malicious code are the most expensive type of attacks, costing companies on average, $4.5 million. These attacks also take the longest to resolve – twice as long as ransomware and phishing and social engineering attacks.
• Automation, artificial intelligence and machine-learning technologies provide the highest cost savings when fully deployed.
Click here for more information.