The 2014 report on the global cost of cybercrime has revealed some interesting results about how and where security-conscious organisations should invest their efforts in the fight against cybercrime. 257 companies from seven countries were surveyed. Findings indicate that the deployment of enterprise security governance practices can significantly reduce the cost of cyber crime.
Indeed, companies that invest in adequate resources, appoint a high-level security leader and employ certified or expert staff have lower cyber crime costs than companies that have not implemented these practices.
According to the survey, on average, companies have globally incurred cost-savings in the fight against cyber crime by employing the following technologies (per organisation):
- Security intelligence systems – US$2,575,405
- Access to governance tools – US$1,403,261
- Advanced perimeter controls and firewall technologies – US$1,397,186
- Extensive deployment of encryption technologies – US$1,376,514
- Enterprise deployment of GRC tools – US$1,335,730
- Extensive use of data loss prevention tools – US$1,134,374
- Automated policy management tools – US$429,173
Effective governance activities proven to reduce the cost of cyber crime
The top three governance activities undertaken by companies participating in the global study were:
- Certification against industry-leading standards (for instance ISO27001).
- The appointment of a high-level security leader (CISO).
- The employment of expert security personnel.
The report goes further to explain that companies that invest in adequate resources, appoint a high-level security leader and employ expert staff have lower cyber crime costs than companies that have not implemented these practices.
“The so-called “cost savings” for companies deploying good security governance practices is estimated at $1.3 million per company annually for employing expert personnel and $1.1 million per company annually for achieving certification against industry-leading standards.”
Find out how vsRisk™, the world’s leading risk assessment software, can help organisations improve the management of cyber security risk simply and cost-effectively.