Wednesday, October 16, 2013

Cost of Cyberattacks Has Increased 78% in Last Four Years

The following is from a news item on the web site http://searchsecurity.techtarget.com. If you are interested in security, either for your home or business, this is a good site to bookmark or even apply to for email alerts. I might also mention that, if you are an investor who takes a serious look at each investment opportunity, how a company manages security can be part of your investment decision process.

The fourth-annual Cost of Cybercrime Study, produced by the Ponemon Institute and sponsored by Hewlett-Packard's enterprise security unit, showed the cost enterprises pay to clean up after a cyberattack has increased 26% from 2012, and has gone up a staggering 78% since the first report was released four years ago....

Instead of focusing on the total cost incurred by enterprises, the Ponemon report narrowed its scope to only include what enterprises spent while responding to cybercrime incidents, including detection, investigation, recovery and incident management.
Larry Ponemon, founder and chairman of the Ponemon Institute, noted that the report doesn't take into account, as an example, what costs a company would incur if its "crown jewel" of data was stolen -- either because a dollar value would be impossible to calculate, or because an organization typically overestimates the value of its own data. Even without these costs included, the report showed the cost range spanning all the way from the low of $1.3 million to the high of $58 million, a number Ponemon said even the largest organizations would notice....
Perhaps more important than having the right technologies, organizations that consistently experienced lower cybercrime costs did so by implementing the right people and processes. In particular, Ponemon pointed to enterprises that had a chief information security officer (CISO) or other equivalent in place, with the caveat that they were real senior-level executives. Such organizations, he noted, tended to have better security governance, mostly because hiring a CISO signals that the company takes information security seriously and is willing to make an investment in credentialed professionals.
"It's not that that person is the reason for the value that we find," Ponemon said. "But the organizations that have that person with the right role and the right title and authority tend to be smarter around the whole governance of security."
