The cost of cybercrime for large companies rose around the world in 2015, especially in the United States, where responding to attacks cost nearly $3 million more on average than it did a year ago.
Researchers at the Ponemon Institute surveyed large companies around the world and found that, while there was a huge variety in individual costs—some companies were hit for as much as $65 million, while others paid as little as $1.9 million—the common denominator was that everyone was losing millions.
The average global cost of cybercrime for large companies rose to $7.7 million. In the United States, companies saw costs of $15.4 million on average in 2015, a $2.7 million rise from 2014.
Why are hackers so successful? One major reason is their speed.
Businesses take up to 120 days to address critical vulnerabilities that leave doors open for hackers, according to a recent study by Kenna Security.
Criminals themselves react much more quickly. Companies have a 90 percent chance of being hacked within 40 days of a major vulnerability being announced, unless they have patched the relevant systems. The longer companies wait to apply patches, the higher the risk—and companies often wait far too long.
The number of exploits is growing as well. Kenna reported seeing more than 1.2 billion successful exploits in the wild this year, a 445 percent increase over 2013 and 2014 combined.
While sophisticated attacks represent a threat, even relatively simple hacks can be effective.
“We have to deflate myths around the sophistication of attacks,” John Weigelt, the Chief Technology Officer at Microsoft Canada, explained. “There are a few attacks out there that require a lot of effort and political capital to do. But when we look at the threat environment, we see a lot of attacks using vulnerabilities for which patches were delivered long ago.”
The Ponemon study looked at 252 companies in the United States, United Kingdom, Germany, Australia, Japan, Russia, and Brazil.