A study recently released by the Ponemon Institute found that, between 2012 and 2013, cybercrime costs rose by 26 percent, jumping from an average of $8.9 million to an average of $11.6 million per attack, when factoring in direct and indirect costs as well as opportunity costs. Attacks are increasing in both number and sophistication, leading to more expensive fixes with a longer fix time after the attack.
The perception that security integration within the software development lifecycle is a major inconvenience for developers can cause a lack of willingness to fully participate in application security testing. It’s understandable, but if developers can see security vulnerabilities as defects in the software’s code, the new mindset could perhaps offset their reluctance. These are defects, in fact, that can bring a multimillion-dollar corporation to its knees – with an average repair time of 32 days and daily cost of $1,035,769.
The costliest crimes, accounting for over 55 percent of all cybercrime costs, are web-based attacks, malicious insiders, and DDoS (distributed denial of service) attacks, while the most common cybercrimes include DDoS, web-based attacks and malicious code. Almost no industry was spared either: average cybercrime costs for industries in 2013 ranged from $4.5M for retail, $6.8M for healthcare and $10.8M in the technology sector to a whopping $23M each for defense and financial services corporations.
In a separate survey, customers were asked how they would react to a business when a breach of their information has occurred. Trust obviously remains a huge issue when it comes to customer loyalty, as the study noted: around 55 percent of those surveyed admitted that they would change their banks after a breach, 46 percent would think about switching insurance companies, 42 percent would visit a different pharmacy and 40 percent would change their doctor or dentist.
All in all, the numbers here may be copious, but they don’t lie. Data breaches like the ones in recent weeks can wreak havoc on business operations. Just this week, European reward scheme Loyaltybuild (the irony should not be missed) suffered a breach of at least 375,000 credit card details in full, plus more than a million phone numbers and addresses.
Information security doesn’t need to be so scary. Proactivity is the prime solution, and a smart security strategy with fast turnaround on source code analysis can play a major part in mitigating future costs. Larry Ponemon, chairman and founder of the Ponemon research institute, says that equal parts breach detection and breach prevention solutions should be in place, so that “your detection systems allow you to recognize an attack quickly. Quick detection means quicker remediation and lower costs.” Pleading ignorance just won’t cut it anymore as customers quickly wise up. Act now, and you’ll rest eas(ier) later.