Recommended NZ | Guide to Money | Gimme: Competitions - Giveaways

Malware and malicious insiders accounted for one-third of cybercrime costs last year - report

Fuseworks Media
Fuseworks Media

The cost to global companies from malware and "malicious insider" related cyberattacks jumped 12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture and the Ponemon Institute.

Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organisations worldwide, Accenture’s 2019 "Cost of Cybercrime Study" found that the cost to companies due to malware increased 11 percent, to more than US$2.6 million (NZ$3.76 million) per company, on average, and the cost due to malicious insiders - defined as employees, temporary staff, contractors and business partners - jumped 15 percent, to US$1.6m (NZ$2.3m) per organisation, on average.

Together these two types of cyberattacks accounted for one-third of the total US$13.0m (NZ$18.8m) cost to companies, on average, from cybercrime in 2018, an increase of US$1.3m (NZ$1.8m) in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million (NZ$2m) per organisation, on average.

The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities - i.e., incident-response activities designed to prevent similar attacks - and efforts to reduce business disruption and the loss of customers.

"In New Zealand we are facing similar issues to our global counterparts. From people to data to technologies, every aspect of a business invites risk and too often security teams are not closely involved with securing new innovations," said Justin Gray, Country Managing Director, Accenture New Zealand.

"Security is everyone’s responsibility and it’s time for a more holistic and preventative approach to cyber risk management, especially as the way we live, work and play becomes increasingly digitised. By understanding where they can gain value in their cybersecurity efforts, leaders in New Zealand can minimise the consequences, and even prevent, future attacks." Other notable findings of the study include:

In 2018, surveyed companies each recorded an average of 145 cyberattacks - resulting in the infiltration of a company’s core networks or enterprise systems - an 11 percent increase over 2017 and 67 percent higher than five years ago.

Malware is the most expensive type of attack, costing companies US$2.6m (NZ$3.76m), on average, followed by web-based attacks, at US$2.3m (NZ$3.3m).

The number of organisations experiencing ransomware attacks increased by 15 percent in 2018, with the costs increasing 21 percent, to approximately US$650,000 (NZ$940,000) per company, on average. The number of ransomware attacks more than tripled in the past two years.

Six in seven companies (85 percent) experienced phishing and social engineering cyberattacks in 2018 - a 16 percent increase over 2017 - and three-quarters (76 percent) suffered web-based attacks.

Automation, orchestration and machine-learning technologies were deployed by only 28 percent of organisations - the lowest of the technologies surveyed - yet provided the second-highest cost savings for security technologies overall, at US$2.9m (NZ$4.19m).

United States companies saw the greatest jumps in cost due to cybercrime in 2018, at 29 percent, with a cost of US$27.4m (NZ$39.62m) per company, on average - at least double that of companies in any other country surveyed. Japan was the next highest, at US$13.6m ($19.67m), followed by Germany, at US$13.1m (NZ$18.9m), and the U.K., at US$11.5m (NZ$16.6m). The countries with the lowest total average costs per company were Brazil and Australia, at US$7.2m (NZ$10.4m) and US$6.8m (NZ$9.8m) respectively. New Zealand wasn’t included in the survey.

"Increased awareness of people-based threats and adopting breakthrough security technologies are the best way to protect against the range of cyber risks," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Our report not only illustrates our joint commitment with Accenture to keep security professionals informed about the nature and extent of cyberattacks, but also offers practical advice for companies to improve cybersecurity efforts going forward."

All articles and comments on have been submitted by our community of users. Please notify us if you believe an item on this site breaches our community guidelines.