Study finds malware and people-based attacks most common cyberattacks in Canada
TORONTO, May 7, 2019 /CNW/ - The cost to Canadian companies from malware and people-based cyberattacks, such as phishing and social engineering, was an average of US$9.25 million in 2018, according to new research by Accenture (NYSE: ACN) and the Ponemon Institute.
Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organizations worldwide, including 179 senior leaders from 25 companies in Canada, Accenture's 2019 "Cost of Cybercrime Study" found that globally, the cost to companies due to malware increased 11 per cent, to more than US$2.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners — jumped 15 per cent, to US$1.6 million per organization, on average.
From a global perspective, together these two types of cyberattacks accounted for one-third of the total US$13.0 million cost to companies, on average, from cybercrime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organization, on average.
The study calculated cybercrime costs as what an organization spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.
"As business innovation propels forward, so too does the expanding threat landscape, leading to an increase in cyberattacks," says Ahmed Etman, managing director of security at Accenture Canada. "Canadian organizations must prioritize protecting people, take a data-centric approach to security to limit information loss and business disruption, and implement AI technology and analytics to reduce the rising cost of attacks."
Notable study findings specific to Canada include:
- In 2018, surveyed companies (25 Canadian companies) recorded an average of 75 cyberattacks, which translates to almost 1.5 attacks per week.
- The business consequences of increasingly sophisticated cyberattacks are expensive. In 2018, the cost of business disruption was US$2.96 million, and US$3.8 million in information loss.
- Eighty-one per cent of business leaders say new business models introduce technology vulnerabilities faster than they can be secured.
- Malicious insiders and malicious code are the most expensive type of attacks, costing companies on average, US$3.3 million. These attacks also take the longest to resolve – twice as long as ransomware and phishing and social engineering attacks.
- Automation, AI and machine-learning technologies provide the highest cost savings when fully deployed.
Companies in the United States experienced the greatest increase in costs due to cybercrime in 2018, at 29 per cent, with a cost of US$27.4 million per company, on average — at least double that of companies in any other country surveyed. Japan was the next highest, at US$13.6 million, followed by Germany, at US$13.1 million, and the U.K., at US$11.5 million. The countries with the lowest total average costs per company were Brazil and Australia, at US$7.2 million and US$6.8 million, respectively.
"Increased awareness of people-based threats and adopting breakthrough security technologies are the best way to protect against the range of cyber risks," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Our report not only illustrates our joint commitment with Accenture to keep security professionals informed about the nature and extent of cyberattacks, but also offers practical advice for companies to improve cybersecurity efforts going forward."
For more information on security investments that can help organizations effectively deal with cyber risks, visit: www.accenture.com/insights/security/cost-cybercrime-study.
The study, conducted by the Ponemon Institute on behalf of Accenture, analyzes a variety of costs associated with cyberattacks to IT infrastructure, economic cyber espionage, business disruption, ex-filtration of intellectual property and revenue losses. Data was collected from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organizations in 11 countries: Australia, Brazil, Canada, France, Germany, Italy Japan, Singapore, Spain, the United Kingdom and the United States. The study represents the annualized cost of all cybercrime events and exploits experienced over a one-year period from 2017 to 2018. These include costs to detect, recover, investigate and manage the incident response. Also covered are costs that result in after-the-fact activities and efforts to contain additional expenses from business disruption and the loss of customers.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions — underpinned by the world's largest delivery network — Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 477,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit www.accenture.com.
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations' valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.
Copyright © 2019 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.