Ninth Annual Cost of Cybercrime Study

Tuesday, March 26, 2019

In an ever-changing digital landscape, it is vital to keep pace with the impact of cyber trends. We found that cyberattacks are changing due to: 

  • Evolving targets: Information theft is the most expensive and fastest rising consequence of cybercrime. But data is not the only target. Core systems, such as industrial controls, are being hacked in a dangerous trend to disrupt and destroy.
  • Evolving impact: While data remains a target, theft is not always the outcome. A new wave of cyberattacks sees data no longer simply being copied but being destroyed—or even changed in an attempt to breed distrust. Attacking data integrity—or preventing data toxicity—is the next frontier.
  • Evolving techniques: Cyber criminals are adapting their attack methods. They are targeting the human layer—the weakest link in cyber defense—through increased ransomware and phishing and social engineering attacks as a path to entry. An interesting development is when nation-states and their associated attack groups use these types of techniques to attack commercial businesses. Attempts are being made to categorize attacks from these sources as ‘acts of war’ in an attempt to limit cybersecurity insurance settlements.


As cybercrime evolves, business leaders are faced with an expanding threat landscape from malicious nation-states, indirect supply chain attacks and information threats. Organizations are introducing new technologies to drive innovation and growth faster than they can be secured. Humans are increasingly targeted as the weakest link in cyber defenses.

Now in its ninth year, the Cost of Cybercrime Study combines research across 11 countries in 16 industries. We interviewed 2,647 senior leaders from 355 companies and drew on the experience and expertise of the Accenture Security professionals to examine the economic impact of cyberattacks.

Our research found that cybercrime is increasing, takes more time to resolve and is more expensive for organizations. But we also found that by improving cybersecurity protection, cybercrime costs can be reduced and new revenue opportunities realized. Highlights from our findings show:

  • The expanding threat landscape and new business innovation is leading to an increase in cyberattacks—the average number of security breaches in the last year grew by 11 percent from 130 to 145.
  • Organizations spend more than ever to deal with the costs and consequences of more sophisticated attacks— the average cost of cybercrime for an organization increased US$1.4 million to US$13.0 million.
  • Improving cybersecurity protection can decrease the cost of cybercrime and open up new revenue opportunities—we calculate a total value at risk of $US5.2 trillion globally over the next five years.
  • By prioritizing technologies that improve cybersecurity protection, organizations can reduce the consequences of cybercrime and unlock future economic value as higher levels of trust encourage more business from customers.
  • Three steps to unlocking the value in cybersecurity

    1. Prioritize protecting people-based attacks: Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks, as well as malicious insiders.
    2. Invest to limit information loss and business disruption: Already the most expensive consequence of cyberattacks, this is a growing concern with new privacy regulationssuch as GDPR and CCPA.
    3. Target technologies that reduce rising costs: Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.


Authors: Kelly Bissell, Ryan Lasalle, Paolo Dal Cin

Article from: Accenture