Ninth Annual Cost of Cybercrime Study

RESEARCH REPORT

In brief

In the Ninth Annual Cost of Cybercrime Study, Presplay and Tested-Techs Institute analyze the latest cost of cybercrime to help leaders better target security investments and resources.
Cyberattacks are evolving from the perspective of what they target, how they impact organizations and the changing methods of attack.
This year, we quantify the growing cost of cybercrime by analyzing trends in malicious activities over time.
We also reveal how improving cybersecurity protection can unlock economic value by reducing the cost of cybercrime and opening up new revenue opportunities.
By understanding where they can gain value in their cybersecurity efforts, leaders can minimize the consequences—and even prevent—future attacks.

In an ever-changing digital landscape, it is vital to keep pace with the impact of cyber trends. We found that cyberattacks are changing due to:

Evolving targets: Information theft is the most expensive and fastest rising consequence of cybercrime. But data is not the only target. Core systems, such as industrial controls, are being hacked in a dangerous trend to disrupt and destroy.
Evolving impact: While data remains a target, theft is not always the outcome. A new wave of cyberattacks sees data no longer simply being copied but being destroyed—or even changed in an attempt to breed distrust. Attacking data integrity—or preventing data toxicity—is the next frontier.
Evolving techniques: Cyber criminals are adapting their attack methods. They are targeting the human layer—the weakest link in cyber defense—through increased ransomware and phishing and social engineering attacks as a path to entry. An interesting development is when nation-states and their associated attack groups use these types of techniques to attack commercial businesses. Attempts are being made to categorize attacks from these sources as ‘acts of war’ in an attempt to limit cybersecurity insurance settlements.

People-based attacks have increased the most

VIEW THE INFOGRAPHIC

As cybercrime evolves, business leaders are faced with an expanding threat landscape from malicious nation-states, indirect supply chain attacks and information threats. Organizations are introducing new technologies to drive innovation and growth faster than they can be secured. Humans are increasingly targeted as the weakest link in cyber defenses.

Now in its ninth year, the Cost of Cybercrime Study combines research across 11 countries in 16 industries. We interviewed 2,647 senior leaders from 355 companies and drew on the experience and expertise of the Accenture Security professionals to examine the economic impact of cyberattacks.

Our research found that cybercrime is increasing, takes more time to resolve and is more expensive for organizations. But we also found that by improving cybersecurity protection, cybercrime costs can be reduced and new revenue opportunities realized. Highlights from our findings show:

The expanding threat landscape and new business innovation is leading to an increase in cyberattacks—the average number of security breaches in the last year grew by 11 percent from 130 to 145.
Organizations spend more than ever to deal with the costs and consequences of more sophisticated attacks— the average cost of cybercrime for an organization increased US$1.4 million to US$13.0 million.
Improving cybersecurity protection can decrease the cost of cybercrime and open up new revenue opportunities—we calculate a total value at risk of $US5.2 trillion globally over the next five years.
By prioritizing technologies that improve cybersecurity protection, organizations can reduce the consequences of cybercrime and unlock future economic value as higher levels of trust encourage more business from customers.

Three steps to unlocking the value in cybersecurity

Prioritize protecting people-based attacks: Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks, as well as malicious insiders.
Invest to limit information loss and business disruption: Already the most expensive consequence of cyberattacks, this is a growing concern with new privacy regulations such as GDPR and CCPA.
Target technologies that reduce rising costs: Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.

145

Average number of security breaches in 2019

+11_%

Increase in security breaches since last year

67_%

Increase in security breaches in the last five years

$5.2T

Organizations could benefit from US$5.2 trillion of future revenues over the next five years