There was a time when the enterprise might ensure its safety from electronic risks using a basic anti-virus program and the vigilant eyes of an IT intern. But in a world of constant cyber-risk, those days are long gone, and the need for specialists and investment is increasing.

A recent study sponsored by HP and conducted by the Ponemon Institute showed that cybercrime damages are a multimillion-dollar threat to enterprises and that reducing the risk can require considerable investment.

According to the study, the “average annualized cost of cybercrime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.” The cost was calculated by adding the amount of money that was invested to reduce the risk of attacks to the actual amounts of income these risks jeopardize. The results of the study also stated that the frequency of attacks had marginally increased, with roughly 1.8 successful attacks per week.

Large enterprises were most typically attacked by complicated denial-of-service and Web-based attacks and by malicious insiders facilitating or conducting damage for monetary gain.

And while that old anti-virus software likely won’t be of use to enterprises, the study showed that smaller companies were more likely to be subject to basic attacks that could be caught and mitigated through relatively inexpensive means. Attacks like viruses and trojans, which rely on a user actively downloading them, were common in smaller companies, as were password phishing attempts, malware, and good old-fashioned device thievery.

The study recommended that, while the investment can be expensive, enterprises seek out technologies designed to monitor and predict attacks to prevent the loss of critical IP and damage to infrastructure that facilitates business.