Major UK Companies Pierced By Cyber Attack Every Week

Thomas Brewster,
carphone warehouse

HP-sponsored study shows costs reaching into the millions for UK’s biggest firms

Some of the biggest organisations in the UK are being successfully breached by hackers every week, research has found.

Figures from the HP and Ponemon Institute’s ‘2012 Cost of Cyber Crime Study’ looked at 38 companies in the UK with 1,000 employees or more. Across all of those companies, they experienced 41 successful attacks a week, or 1.1 per organisation per week.

Over a four-week benchmarking period, all organisations experienced attacks relating to viruses, worms and/or trojans, with 87 percent infected with malware. Over half were hit by denial of service attacks.

Cyber attack figures worse in US

The US study across 56 organisations found the situation was even worse across the pond, where those companies were being hit by 102 successful attacks a week and 1.8 per business per week.

It’s costing those organisations too. The research found average annualised cost of cyber crime for the 38 UK organisations stood at £2.1 million per year, with a range of £400,000 up to £7.7 million a year for different groups.

The average time to resolve a cyber attack was 24 days, with an average cost to participating organisations of £135,744 over this 24-day period.

The research put together some estimates on the average cost of cyber crime for five countries, which showed the cost of a compromise was almost $6 million less in the UK than in the US.

Such figures have been disputed in the past, as they take into account various factors, including how much is subsequently spent on the security stack after a successful hit. Some have argued security vendors pump up the figures as much as possible, to scare companies into buying their products.

The HP-sponsored study included internal and external costs, including investigation, containment and recovery, as well as something called “ex-post response”, which includes the amount spent on additional security following a hack.

Regardless of such quibbles, Rhod Davies, managed security services chief technologist at at HP Enterprise Security, said the study showed how costly attacks were, admitting that security protections were failing to keep up with advances made by malicious hackers. “It’s also a reflection of where attackers are shifting emphasis,” he told TechWeekEurope.

He indicated HP could start to hook up its different Big Data divisions with its security teams to offer better intelligence for businesses. “We have ArcSight and Autonomy. There are a number of internal discussions going on between security specialists and data specialists… the conversations are definitely going on.”

Are you a security guru? Try our quiz!