That's according to detailed research from the US Ponemon Institute. But the study says companies who buy advanced security intelligence tools – controversial among CISOs because of their immaturity – can cut their recovery bill by more than half.
Ponemon estimates that large companies using intelligence tools such as security information and event management (SIEM) and intrusion prevention systems (IPS) with reputation feeds and big data analytics spend less than £1.5 million on recovering from cyber crime attacks. That represents a 23 per cent return on their investment, a better payback than on any other type of security product.
But attacks are still growing in cost and number. The average cost rose from £2.1 million to £3 million in a year, partly because the number of attacks also climbed 16 per cent.
Jay Huff, EMEA marketing director at HP Enterprise Security, which sponsored the study, said: “These attacks are becoming more sophisticated and more costly. The average annualised cost of cyber crime rose 30 per cent this year. The increase is actually 78 per cent over four years.”
This has led to a call for the security industry to urgently invest in the type of innovative intelligence products that are putting the biggest dent in attackers.
Cyber expert Mike Loginov, CEO of security consultancy Ascot Barclay, said: “The security industry needs to take a close look at itself and look forwards. Things like anti-virus, anti-malware just don't work anymore. I'm not saying don't do it, just question its limitations.
“We do have new technologies that offer interesting capabilities. We're starting to become more predictive, we're looking at behaviours, looking at benchmarking what normal looks like and picking up anomalies within the system. It's really about intelligent discovery of patterns and anomalies in data that is helping us to fight the crime.”
He added: “We hear from government that systems are being compromised without us knowing, which means there's stuff going on in our networks that we need to identify and eradicate. The security industry cannot sit back and rely on old methodologies to try and resolve some of these issues.”
The Ponemon survey finds the most costly cyber crimes are those caused by malicious insiders, denial of service and web-based attacks.
It recommends: “Mitigation of such attacks requires enabling technologies such SIEM intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions.”