The Ponemon Institute released last week the 5th annual Cost of Cyber Crime Study results.
The study benchmarked 257 organizations, in 7 different countries (United States, Germany, Japan, United Kingdom, France, Australia, Russia).

It is not a surprise that web-based attacks have a big role in cyber threats, in terms of costs and attack frequency.

Significant takeaways

The following facts are not directly related to web attacks, but are really interesting and give a big picture of today’s threats and cybercrime trends.

web application security statistics illustration

“Cyber crimes continue to be on the rise for organizations”. That’s the sad reality of cyber threats, they continue to grow and are creating more and more malicious businesses. The annualized cost of cybercrime, excluding the Russian case, increased by 10.4%.

“All industries fall victim to cybercrime, but to different degrees”. This clearly means that whatever their industry sector is, companies are not immune.

“The most costly cyber crimes are those caused by malicious insiders, denial of services and web-based attacks”. Not surprisingly, malicious insiders cause big damages, of course because they are inside the organization and have the perfect standpoint and ways to cause huge damages.
These three types of attacks, malicious insiders, DoS and web-based attacks account for more than 55 percent of all cyber crime costs.

Statistics directly related to web-based attacks

58% of companies experienced web-based attacks. The result was almost the same in the 2013 report, with 57%.

In terms of costs, the study reveals that the percentage of annualized cyber crime cost caused by web-based attacks, depending on the country, ranges from 13% to 19%. The study from 2013 showed a range from 10% to 18%, meaning that we have a small increase in proportions.
Other categories of attacks are: denial of services, malicious insiders, viruses worms and trojans, malicious code, phishing and social engineering, malware, stolen devices, botnets.

Average annualized cost caused by web-based attacks is $116,424. Still comparing to the 2013 report, the average annualized cost was $80,995.


If we analyze what we see in the news, like stories about big companies being hacked, passwords or credit card number databases being stolen, the first feeling is that cyber crime is on the rise, especially for web attacks.
It is however quite difficult to know whether what newspapers relate matches the reality, but this study seems to confirm what can initially be perceived as a feeling: cyber crime is still on the rise and web-based attacks are one major vector.

Want to get the full reports? Here is the link to HP enterprise security website, sponsor of the study: