2012 Cost of Cyber Crime Study: United States
Benchmark Study of U.S. Companies
Ponemon Institute October 2012
Part 1. Executive Summary
We are pleased to present the 2012 Cost of Cyber Crime Study: United States, which is the third annual study of US companies. Sponsored by HP Enterprise Security, this year’s study is based on a representative sample of 56 organizations in various industry sectors. While our research focused on organizations located in the United States, many are multinational corporations.
For the first time, Ponemon Institute conducted cyber crime cost studies for companies in the
United Kingdom, Germany, Australia and Japan. The findings from this research are presented in separate reports.
Cyber attacks generally refer to criminal activity conducted via the Internet. These attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure. Consistent with the previous two studies, the loss or misuse of information is the most significant consequence of a cyber attack. Based on these findings, organizations need to be more vigilant in protecting their most sensitive and confidential information.
Key takeaways from this research include:
Cyber crimes continue to be costly. We found that the average annualized cost of cyber crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to
$46 million. In 2011, the average annualized cost was $8.4 million. This represents an
