For Enterprises, Malware is the Most Expensive Type of Attack

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots

8th March, 2019 1 Min read

The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture and the Ponemon Institute.

Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organizations worldwide, Accenture’s and Ponemon Institute’s study found that the cost to companies due to malware increased 11 percent, to more than US.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners — jumped 15 percent, to US.6 million per organization, on average.

Book a demo today to see GlobalDots is action.

Together these two types of cyberattacks accounted for one-third of the total US$13.0 million cost to companies, on average, from cybercrime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organization, on average.

A close-up of several stacks of coins in front of a blurred clock,representing the concept of time and money.

Latest Articles

Web Security

Vulnerability Assessments vs. Penetration Testing: Key Differences, Use Cases & Best Practices

They’re not interchangeable. A vulnerability assessment identifies known flaws at scale. A penetration test mimics an actual attacker probing for impact. Yet many teams treat them the same. They substitute one for the other, check a compliance box, and move on as if they’re covered. They’re not. And that gap shows up later in real-world […]

Ganesh The Awesome

7th July, 2025

Web Security

Web Application Firewalls (WAFs): The Evolving First Line of Defense in Cloud Security

Modern applications are built for speed, not simplicity. Containers, microservices, and cloud-native deployments have blown up the security perimeter. Traditional tools can’t keep up with this complexity. That’s why Web Application Firewalls (WAFs) matter. But the WAF of 2025 isn’t just an appliance sitting in front of a static website. It’s a flexible, cloud-aware security […]

Ganesh The Awesome

7th July, 2025

Web Security

What is an API Security Audit?

In January 2024, a misconfigured API exposed 650,000 private messages. These included passwords and internal communications. No exploit chain. No zero-day. Just a public-facing endpoint with no authentication. This wasn’t an isolated incident. From T-Mobile and Twitter (now X) to Kronos Research and the US Treasury, attackers have consistently used APIs as entry points. They […]

Ganesh The Awesome

26th June, 2025

Web Security

The Ultimate API Security Checklist for 2025

APIs are now the top attack vector in enterprise apps. In 2024 alone, breaches tied to APIs cost an average of $4.88 million, and that number is rising fast. Attackers exploit gaps in API authentication, input validation, and outdated endpoints to compromise systems. Legacy controls no longer suffice, and the OWASP API Top 10 outlines […]

Ganesh The Awesome

26th June, 2025

Back to Resources

Unlock Your Cloud Potential