U.S. firms are losing millions of dollars annually to cybercrime, even as the cost to hackers themselves falls.
According to a new report by Hewlett Packard and the U.S.-based Ponemon Institute of Cyber Crime, hacking attacks cost the average American firm $15.4 million per year, double the global average of $7.7 million.
In a survey of more than 2,000 executives and employees in 250 organizations worldwide, the report’s authors found that cybercrime affected all industries and all markets.
The most costly cybercrimes were those carried out by malicious insiders, DDoS and web-based attacks. (DDoS, or a Denial of Service Attack, is a way to take down a website by overwhelming it with traffic.)
The global financial services and energy sectors were the worst hit, with average annual costs of $13.5 and $12.8 million respectively.
Rising business expenses come as the cost to hackers themselves is plunging, thanks to a proliferation of botnets that make launching DDoS attacks cheap and simple, and the easy sharing of tools and exploits on “dark net” forums and marketplaces.
According to cybersecurity firm Incapsula, the price of launching a DDoS attack has plummeted to just $38 per hour. By comparison, “the real-world cost of an unmitigated attack is $40,000 per hour” for businesses.
Another boon to cybercriminals was the release of tools and data from Italian surveillance company Hacking Team, which was itself hacked in July.
Included in the leaked data were a number of “zero day” exploits, or previously unknown security flaws in popular software.
While the affected software makers, including Adobe and Microsoft, rushed to fix their software, experts reported seeing several attacks in the wake of the hack and warned that users who do not regularly update their software are at risk.