Research shows it takes larger organisations around a month, at a cost of almost £13,000 a day, to fix systems after a cyber-attack, and even longer for smaller organisations. The cost of attacks is up 23 percent on the previous year, according to research by the Ponemon Institute in its Global Report on the Cost of Cyber Crime.
Ponemon surveyed 257 large companies in seven countries, and measured the costs of more than 1,700 attacks suffered by the firms, with 122 being successful per year. Malicious attacks by insiders are the rarest, but most expensive, with denial of service, web-based attacks and malicious code coming close. Detection of threats is the highest internal cost, with business disruption as the highest external cost. Energy and utility organisations have the most expensive attacks, followed by financial services.
Sean Mason, global incident response leader at CSC, says it can cost around £250 per hour for an incident-response-for-hire team. Marshall Heilman, a consultant with FireEye's Mandiant, says, "How can you tell if your IR plan is working? If most organisations can get to under one week [to remediate], they're doing pretty well."
"The most surprising finding from this study was that it takes an average of 31 days to resolve a cyber-attack, costing an average of over US$20,000 per day. It is alarming to know that an unwanted adversary could invade your system, causing costly and reputation-destroying damages without you even knowing it. The ability to remain under the radar enables the adversary to invade your system even further - making it more difficult to eliminate the attack completely, and increasing overall costs," says Larry Ponemon, chairman and founder of the Ponemon Institute. He went on to explain that: "It is critical for organisations to take preventative measures and invest in the security of their organisation, as that investment could significantly decrease any financial losses that could occur from a public security breach."