Cyber Crime–What Does It Cost?

A recent study by the Ponemon Institute on behalf of security firm Sophos, and another by Ernst and Young took looks at the cyber crime situation in American and around the world.  What these studies found is:

  • Cyber crime costs US companies about $1600 per year per employee.  So count up your employees and multiply by $1600.  That is what cyber crime is costing your company. For a ten person firm that is $16,000 per year.
  • These costs are derived from the following sources:
    • Stealing intellectual property
    • Thefts from online bank and financial accounts
    • Distribution of malware to other computers
    • Posting confidential information on the Internet
    • Holding critical information for ransom
    • Attacking critical network infrastructure to disrupt operations
    • Costs to prevent and secure attacks such as firewall devices or security software.
  • Global annual cost are approaching $500 billion.
  • Roughly one third of all attacks involve malicious code, malware, viruses, or Trojan horses.
  • 96%  of survey companies indicated that they are unprepared for a cyber attack.

This is the year to get your cyber security house in order by developing a comprehensive security plan and supporting policies, and it all starts with a security audit, vulnerability assessment, or penetration test my a certified cyber security expert.  By systematically plugging the leaks in your security perimeter and educating your employees about the how and why of secure computing practices, you should be able to save your self and your company from the kind of expenses these studies uncovered.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.