According to the latest report from Accenture on the cost of cybercrime, the Cost of Cyber Crime Study 2017, companies are investing at unprecedented levels in systems to prevent or reduce cyberattacks. But the most interesting finding of this study is that increased investment in cybersecurity is not translating into greater effectiveness or efficiency. In other words, our investments are bigger, but not better.
The report analyzes the effectiveness of nine security-related technologies and reveals the gap between investment cost and value achieved, in terms of cost savings and reduction of losses associated with cybercrime.
Of all these technologies, the ones that offer the highest correlation between investment and value are those related to advanced identity and access management. Nevertheless, the study points out the need for constant innovation, since cybercrime is also constantly evolving.
Taking a look at the figures, the cost of cybersecurity over the past year was 11.7 billion dollars, an increase of 22.7% over the previous year. These costs include the identification, recovery, investigation, and management of the incident or attack, including follow-up efforts to minimize business disruption and loss of clients.
For this reason, companies need to be aware that investment does not necessarily equate to value. The study recommends making sensible investments in areas such as security intelligence and advanced access management including, for example, identity verification systems. But the effort doesn’t stop there: systems must be tested constantly and under high pressure, and investment in innovation must be ongoing.
One example of this is the progress made in identity verification technologies, which have evolved from a simple username and password combination to include biometric technologies, geolocation, and SNA (Social Network Analysis) to verify the identity of users.
The cost of cybercrime varies by country, company size, and type of cyberattack, among other factors. In this regard, the report confirms the general perception: the financial industry is the hardest-hit by cybercrime, followed by public utilities and energy.
One of the main reasons for this is the nature of the information gathered by these companies, including information about operations, intellectual property, and the personal and financial data of customers and employees. This is why the theft or loss of information continues to be the most costly outcome of cybercrime, even greater than business disruption, loss of profits, or equipment damage. To be specific, information theft represented 43% of the total cost of cybercrime over the past year.
To sum up, although regulatory compliance is essential, investments in cybersecurity must go beyond that. It’s not enough to invest more; there is a need to invest smarter, as part of a constant process of innovation and updating of technologies to adapt them to new risks, which are also evolving relentlessly.