Cybertracker Software | Info

ArcSight and Ponemon Institute Release First Annual Cost of Cyber Crime Study

Report Reveals Median Annualized Cost of Cyber Crime is $3.8 Million per Participating Organization; Cost Driven by More than One Successful Attack per Organization Each Week

CUPERTINO, CA – July 26, 2010 – ArcSight, Inc. (NASDAQ: ARST), a leading global provider of enterprise threat and risk management solutions, and the Ponemon Institute today announced the results of a benchmark study that quantifies the economic impact of cyber crime. The First Annual Cost of Cyber Crime Study was sponsored by ArcSight, independently conducted by the Ponemon Institute and designed to provide awareness around the level of investment and resources needed to prevent or mitigate the devastating consequences of a cyber attack.

Cyber crime generally refers to criminal activity conducted via the Internet.  The attacks can include stealing an organization’s intellectual property, confiscating online bank accounts, creating and distributing viruses on other computers, posting confidential business information on the Internet and disrupting a country’s critical national infrastructure.

According to the study, which involved interviews with the data protection and IT security practitioners in 45 US organizations, cyber crime is common, intrusive, and can have a significant impact on an organization’s bottom line. Over a four-week period, the 45 organizations surveyed in the study experienced 50 successful attacks per week, or more than one successful attack per organization per week. This resulted in a median annualized cost of $3.8 million per organization per year, with costs for the complete benchmark sample ranging from $1 million to nearly $52 million.

“Every corporation is vulnerable to thousands of cyber attacks that occur daily across all industries, causing information theft, disruption to business operations and serious financial loss,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “Through actions such as the appointment of a chief information security officer (CISO), the rollout of an enterprise security strategy, and investments in technologies capable of addressing sophisticated threats and managing complex security events, companies are able to reduce the financial impact of cyber crime.”

Additional key findings of the study include:

• The most costly cyber crimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90% of all cyber crime costs per organization on an annual basis.
• Cyber attacks can be costly if not resolved quickly. In the sample, malicious insider attacks took up to 42 days or more to resolve, with the average cost to an organization of nearly $18,000 per day. 
• Detection and recovery are the most costly internal activities. On an annualized basis, detection and recovery combined account for 46% of the total internal activity cost, with labor representing the majority of these costs.
• Detection and recovery costs from cyber attacks can be mitigated by deploying enabling technologies such as SIEM and enterprise threat and risk management (ETRM) solutions. For example, participating companies that had deployed a SIEM system achieved a 24% cost savings when dealing with cyber attacks versus those that had not.

“Every organization should be concerned about cyber attacks and how much it will cost to manage and contain them.  ArcSight has enabled businesses and government institutions to minimize their exposure to cyber threats with our market-leading SIEM product,” said Tom Reilly, president and CEO of ArcSight.  “However, cyber threats are constantly evolving and traditional signature-based perimeter security is no longer enough. We believe that delivering a comprehensive platform for Enterprise Threat and Risk Management (ETRM) will increase visibility across the enterprise and successfully mitigate exposure to the risks of modern-day cyber crime.”

The First Annual Cost of Cyber Crime Study was conducted in early 2010 from a survey of 45 U.S. organizations representing a cross section of markets. The study focused on the direct, indirect and opportunity costs that resulted from loss or theft of information, disruption to business operations, revenue loss and destruction of property. These costs included what was spent on the detection, investigation, containment, recovery and post-act response.

For a copy of the complete Ponemon study, please visit:
http://www.arcsight.com/library/download/ponemon-2010-cost-of-cyber-crime-study/

About Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About ArcSight

ArcSight (NASDAQ: ARST) is a leading global provider of security and compliance management solutions that protect businesses and government agencies.  ArcSight identifies, assesses, and mitigates both internal and external cyber threats and risks across the organization for activities associated with critical assets and processes.  With the market-leading ArcSight SIEM platform, organizations can proactively safeguard their assets, comply with corporate and regulatory policy and control the risks associated with cyber-theft, cyber-fraud, cyber-warfare and cyber-espionage. For more information, visit www.arcsight.com.

Forward Looking Statements

This news release contains forward-looking statements, including without limitation ArcSight’s belief that delivering a comprehensive platform for Enterprise Threat and Risk Management will increase visibility across the enterprise and successfully mitigate exposure to the risks of modern-day cyber crime.  These forward-looking statements are subject to material risks and uncertainties that may cause actual results to differ substantially from expectations. Investors should consider important risk factors, which include: the risk that alternative solutions may be perceived as better positioned to provide increased visibility across the enterprise and mitigate exposure to cyber crime; and other risks detailed under the caption “Risk Factors” in the ArcSight Annual Report on Form 10 K filed with the Securities and Exchange Commission, or the SEC, on July 9, 2010 and the company’s other filings with the SEC.  You can obtain copies of the company’s Annual Report on Form 10 K and its other SEC filings on the SEC’s website at www.sec.gov.

© 2010 ArcSight, Inc. All rights reserved. ArcSight and the ArcSight logo are trademarks of ArcSight, Inc.

###

Media contact

Atomic PR for ArcSight
Chris Fucanan
415-593-1400
chris.fucanan@atomicpr.com