What cyberthreats are costing US companies

Maciej Frolow | Photographer's Choice RF | Getty Images

Companies everywhere are increasingly vulnerable to cybercrime, but U.S. companies appear to be even more threatened than most, says a new report.

According to PricewaterhouseCoopers' 2014 Global Economic Crime Survey, U.S. businesses were hit harder financially by cybercrime than those in other countries in recent years.

Seven percent of U.S. organizations lost $1 million or more, compared with 3 percent of global organizations, according to PwC. And 19 percent of U.S. organizations lost between $50,000 and $1 million, compared with just 8 percent of global respondents. The report, which was released Wednesday, measures damages from 2011 to 2013.

This growing cost of cyberattacks has spurred lawmakers' interest in the issue, said Tom Ridge, CEO of Ridge Global and former secretary of the Department of Homeland Security, at a panel discussion hosted by PwC in New York on Wednesday. While no legislation has been passed, it's likely things are moving in that direction, he said.

Last week, the Commerce Department issued a set of "voluntary" guidelines for banks and other companies that support critical infrastructure in an effort to get organizations to increase their security measures. These guidelines probably won't be voluntary for long, Ridge said.

"Whenever the government comes around with guidelines, it usually becomes a mandate," Ridge said.

"And whether mandates truly end up being helpful or not remains to be seen," he said. "The challenge is for people to accept the notion that compliance to a regulation doesn't necessarily mean security."

While government regulations may help, it's up to each company to assess its own vulnerabilities and take appropriate action, said Sean Joyce, a principal at PwC and former deputy director of the Federal Bureau of Investigation, during the panel.

"The private sector knows more about what's going on on the net. They just don't share their information," Joyce said.

Many U.S. companies aren't investing in necessary security infrastructure because they aren't accounting for the financial damage cybercrime could do to their business.

"I think one of the challenges is—whether it is investing in the protection of their intellectual property or even IT security—it's a cost, it's not viewed as an investment because they can't extrapolate out what the threat is," said Pamela Passman, a panelist at the event and president and CEO of the Center for Responsible Enterprise and Trade.

According to PwC, U.S. respondents were less aware of the impact cybercrime had on their bottom line than companies elsewhere. In fact, 42 percent of U.S. organizations were unaware of the cost, compared with 33 percent of global companies.

This ignorance or neglect ends up costing companies a lot more, Ridge said.

"What's cheaper? Pre-emptive investment? Or responsive investment?" Ridge said.

By CNBC's Cadie Thompson. Follow her on Twitter @CadieThompson.
