St. Louis Among Most-Hacked Cities
Is Your Business Protected?
With the number of large local, national and international companies that experienced data breaches in 2014 —Staples, Sony, Target, P.F. Chang's and The Home Depot – it's becoming harder to think any given company or city is immune. In fact, as reported in a recent St. Louis Business Journal article, St. Louis is far from secure: our city ranks as the third most-hacked city in the United States, following Tampa and Orlando.
A study from Enigma Software found that in 2014 St. Louis experienced computer infections on a per capita rate that was almost 370 percent higher than the national average. Forbes Magazine recently reported that Patrick Morganelli, SVP of Technology at EnigmaSoftware.com, says that there isn't a particular reason for St. Louis and the other ranked cities to be experiencing higher rates of infection. Some factors have less to do with user behavior and more to do with network intrusions or malware piggy-backing on legitimate applications, he says.
This comes on the heels of the Ponemon Institute's 2014 Cost of Cyber Crime Study, which found that the average annual cost of cyber crimes is up 9.3 percent since last year at $12.7 million per organization. Information theft amounts to 40 percent of total annual external costs for organizations, making it the highest external cost. An external cost is any cost created by external factors such as fines, litigation, marketability of stolen intellectual property and others. Costs associated with business disruption or lost productivity are the second-highest external cost, accounting for 38 percent of external costs.
There is a positive association between the time it takes an organization to contain an attack and the organizational cost. The Ponemon study found that it takes an average of 45 days to resolve a cyber attack with an average cost of $35,647 per day. The total cost over the 45-day period — $1,593,627 — represents a 33 percent increase from last year's cost estimate, which was based on a 32-day resolution period.
Organizations that deployed security intelligence systems enjoyed an average cost savings of $5.3 million and an ROI of 30 percent. To help reduce the risk of a cyberattack, organizations should first develop an information security policy, document it and disseminate it throughout the organization. Another protective measure is to develop an incident response plan to react to a breach and quarantine activity before it spreads throughout the organization's computer network.
Because cyberattacks can be just as damaging to a business as a fire or other natural disaster, organizations should review their insurance options for cyber protection. A variety of insurance policies cover things like the cost of fines, notification that personally identifiable information or PII has been compromised, liability and business interruption. All cyber policies are different, and you have to be careful to buy the right coverage.