A new report by the Ponemon Institute has pegged the average cost of cyber attacks at $3.8 million a year. This figure comes from an actual study of 45 U.S. organizations involved in data breaches and is published in a report titled "The First Annual Cost of Cyber Crime Study."

The $3.8 million figure includes totaling up revenue lost, time spent stopping and responding to the attacks, disruption to business, or acquiring of new hardware and software (amortized) in direct response to a security incident.

As noted by Dark Reading, there are some interesting nuggets of information from the report: "Nearly half of all breach costs occur in detection and recovery, and the average number of days to recover and resolve from an attack was 14 days, with a cost of $17,696 per day."

Not surprisingly, an attack from an insider takes far longer to resolve: 42 days. This is probably something worth considering, especially with the newly discovered vulnerability in the WPA2 specification pertaining to internal attackers, which you can read more about here. 

Referring to the report, Larry Ponemon, chairman of the Ponemon Institute explained why costs for some attacks can differ widely (or cost so much): "For instance, malicious code issues are harder to find and resolve than botnets and malware. Hence, more resources are expended fixing software versus eliminating a virus with a known signature."

For more on this story:
- check out this article at Dark Reading
- check out this article at eWeek
- check out this article at Network World 

Related Articles:
Researcher finds security vulnerability in WPA2
FBI's Chabinsky: Cybercrime is a profession
Microsoft: A tax to fight cybercrime
Are you managing for cybercrime?