The cost of cybercrime incidents is rising rapidly for UK organisations, but smaller ones are being hit proportionately harder, a major study by the Ponemon Institute has calculated.

The UK element of what was a global study on behalf of HP’s Enterprise Security division looked at 36 UK-based organisations that reported a total of 192 attacks between them. The average annual cost of these was £2.99 million ($4.75 million), ranging from £379,000 at one end of the scale to £17 million at the other.

In the equivalent 2012 report, cybercrime clean-up costs were £2.1 million per organisation, which the study reports as a rise of 36 percent in a year.

The definition of a cybercrime covers a wide range of events, but malicious insiders, web-based attacks, denial of service, and malicious code (unidentified malware) were particularly costly to deal with, largely because they often go undetected for long periods of time. The longer an attack went undiscovered, the higher the eventual cost to the organisation concerned, the report found.

Put another way, rapid discovery of an attack lowers costs, as does rapid clean-up. The average time to resolve an attack was 25 days, with the special category of insider attacks raising this to 63 days.

Ponemon found that all sectors were victims of cybercrime, but some spend more on sorting it out than others, with finance, defence and energy showing the highest numbers.

The cost differences were most striking when looking at organisational size, with the 2013 cost per seat being £141 for the largest firms but £530 per seat for the smallest ones. It’s not simply that smaller organisations bear more cost in relation to their size; what generates that cost varies too, with malware attacks much more expensive for small firms to remediate.

Ponemon’s study also looked at the US, France, Japan, Germany and Australia, finding the same rising curve of cybercrime cost, with the UK in fact recording the second lowest costs of the countries surveyed. But what is causing these rising costs?

Part of the answer is that there are simply more attacks to generate costs, or at least more being detected, but it could also be that greater awareness has led to a more diligent, and therefore more expensive, response when incidents are uncovered.

Ponemon found that those organisations that had invested in a range of security systems (newer technologies such as SIEM and big data analytics, as well as established ones) ended up with lower remediation costs. This appeared to be a function of time: more rapidly detected incidents were cheaper and quicker to fix. Top of the pile for return on investment were security intelligence systems and advanced perimeter controls; surprisingly, data loss prevention and automated policy management showed much lower returns.