Both the cost and time to tackle attacks are growing faster than ever as cyber crime becomes more convoluted and companies struggle to keep pace.
It now takes more than double the time to fight attacks today than it did four years ago, at 78% more the cost, according to a new study by Ponemon Institute conducted on behalf of Hewlett-Packard (HPQ).
The exponential growth comes as hackers and their infiltration methods, from phishing schemes to denial-of-service attacks, become more sophisticated and relentless.
"The threat landscape continues to evolve as cyberattacks grow in sophistication, frequency and financial impact," said Frank Mong, general manager of solutions at H-P’s enterprise security products business.
Costs vary widely depending on the type of threat and the victim’s experience level, with Ponemon recording a range of $1.3 million to $58 million among the 1,000 polled organizations. The average cost has grown by 26% over 2012, with those protecting critical assets, such as banks, defense and utilities, footing much of the bill.
In fact, easy-to-implement DDoS attacks, used to temporarily down the consumer sites of major U.S. banks over the last year, have become one of the costliest methods of infiltration due to the disruption they cause to victim’s operations.
Other major costs are the theft of customer information, such as when hackers stole personal information from three million Adobe (ADBE) customers last week, as well as money spent on preventative measures.
Even the well prepared are struggling to keep pace with their cyber enemies.
While Ponemon does not disclose the specific organizations polled for the study, the victims it refers to as "experienced" -- think banks like Bank of America (BAC) and JPMorgan Chase (JPM) that have been among those hit in a string of high-profile DDoS attacks -- are now seeing more successful weekly attacks.
To break it down even further, Ponemon says the average time to dissolve an attack now takes 32 days, with costs amounting to close to $32,500 a day, or just over $1.0 million for the entire period.
Last year it took companies just 24 days and a half a million dollars to thwart them.