In brief

In brief

  • In the Ninth Annual Cost of Cybercrime Study, Accenture and Ponemon Institute analyze the latest cost of cybercrime to help leaders better target security investments and resources.
  • Cyberattacks are evolving from the perspective of what they target, how they impact organizations and the changing methods of attack.
  • This year, we quantify the growing cost of cybercrime by analyzing trends in malicious activities over time.
  • We also reveal how improving cybersecurity protection can unlock economic value by reducing the cost of cybercrime and opening up new revenue opportunities.
  • By understanding where they can gain value in their cybersecurity efforts, leaders can minimize the consequences—and even prevent—future attacks.

In an ever-changing digital landscape, it is vital to keep pace with the impact of cyber trends. We found that cyberattacks are changing due to:

  • Evolving targets: Information theft is the most expensive and fastest rising consequence of cybercrime. But data is not the only target. Core systems, such as industrial controls, are being hacked in a dangerous trend to disrupt and destroy.
  • Evolving impact: While data remains a target, theft is not always the outcome. A new wave of cyberattacks sees data no longer simply being copied but being destroyed—or even changed in an attempt to breed distrust. Attacking data integrity—or preventing data toxicity—is the next frontier.
  • Evolving techniques: Cyber criminals are adapting their attack methods. They are targeting the human layer—the weakest link in cyber defense—through increased ransomware and phishing and social engineering attacks as a path to entry. An interesting development is when nation-states and their associated attack groups use these types of techniques to attack commercial businesses. Attempts are being made to categorize attacks from these sources as ‘acts of war’ in an attempt to limit cybersecurity insurance settlements.

People-based attacks have increased the most


As cybercrime evolves, business leaders are faced with an expanding threat landscape from malicious nation-states, indirect supply chain attacks and information threats. Organizations are introducing new technologies to drive innovation and growth faster than they can be secured. Humans are increasingly targeted as the weakest link in cyber defenses.

Now in its ninth year, the Cost of Cybercrime Study combines research across 11 countries in 16 industries. We interviewed 2,647 senior leaders from 355 companies and drew on the experience and expertise of the Accenture Security professionals to examine the economic impact of cyberattacks.

Our research found that cybercrime is increasing, takes more time to resolve and is more expensive for organizations. But we also found that by improving cybersecurity protection, cybercrime costs can be reduced and new revenue opportunities realized. Highlights from our findings show:

  • The expanding threat landscape and new business innovation is leading to an increase in cyberattacks—the average number of security breaches in the last year grew by 11 percent from 130 to 145.
  • Organizations spend more than ever to deal with the costs and consequences of more sophisticated attacks— the average cost of cybercrime for an organization increased US$1.4 million to US$13.0 million.
  • Improving cybersecurity protection can decrease the cost of cybercrime and open up new revenue opportunities—we calculate a total value at risk of $US5.2 trillion globally over the next five years.
  • By prioritizing technologies that improve cybersecurity protection, organizations can reduce the consequences of cybercrime and unlock future economic value as higher levels of trust encourage more business from customers.

Three steps to unlocking the value in cybersecurity

  1. Prioritise protecting people-based attacks: Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks, as well as malicious insiders.
  2. Invest to limit information loss and business disruption: Already the most expensive consequence of cyberattacks, this is a growing concern with new privacy regulations such as GDPR and CCPA.
  3. Target technologies that reduce rising costs: Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.


Average number of security breaches in 2019


Increase in security breaches since last year


Increase in security breaches in the last five years


Organizations could benefit from US$5.2 trillion of future revenues over the next five years

About the Authors

Kelly Bissell

Senior Global Managing Director – Accenture Security

Ryan M. LaSalle

Managing Director – Accenture Security North America

Paolo Dal Cin

Managing Director, Lead – Accenture Security Europe and Latin America


Cyber Threat Intelligence Report
Ransomware response and recovery
The importance of cloud security

Subscription Center
Stay in the know with our newsletter Stay in the know with our newsletter