Defense Companies Pay Out

Crime pays, and criminal activities that target cyberspace are no exception, according to a survey conducted from Ponemon Institute and sponsored by security vendor ArcSight.

Among the dozen industries included in the survey, defense companies shell out the most money -- more than $16 million annually -- to compensate for the loss or theft of information, disruption to business operations, revenue loss and destruction of property that resulted from cyber crimes. Close behind were the energy and financial services industries, which spend $15.63 million and $12.37 million per year, respectively. The public sector pays $5.68 million.

Interestingly enough, retail pays only $2.77 million; a seemingly small amount, especially when you consider how often they're targeted for customer financial data (the attack against TJX Companies immediately comes to mind).

Some key findings of the survey:

• The median annualized cost of cyber crime of the 45 organizations included in the study is $3.8 million per year, but can range from $1 million to $52 million per year per company.
• Organizations surveyed experienced 50 successful attacks per week.
• Web attacks, malicious code and malicious insiders account for more than 90 percent of all cyber crime costs per organization.