Cybercrime is on the rise, the consequences of it take longer to fix, and more companies are losing more money because of it, according to the Ninth Annual Cost of Cybercrime Study recently published by Accenture and the Ponemon Institute. The 2019 study is rooted in comprehensive, wide-ranging interviews with 2,647 senior leaders from 355 companies across 11 countries and 16 industries.\nToday\u2019s cyberattacks are changing \u2013 from the companies they choose to victimize, to the techniques used to carry them out, to the types of harm they wreak. Last year, there were an average of 145 security breaches \u2013 ones that infiltrated the companies\u2019 core networks or enterprise systems \u2013 in each of the firms in the survey. That\u2019s 11 percent higher than the number of reported breaches in 2017, and fully 67 percent higher than five years ago.\nEscalating costs\nObviously, when the number of attacks goes up, so does the cost of dealing with them. On that front, the average cost has increased to $13 million, $1.4 million more than in 2018.\nThese costs ware based on how much the affected organizations spent to find, examine, contain and recover from a data breach over a continuous four-week period, in addition to costs incurred for subsequent work intended to prevent similar attacks. Efforts to deal with business disruptions and customer losses are also included in the cost estimate.\nAmerican firms saw the biggest cybercrime cost increases: they were 29 percent more than they were in 2018. The average per-company cost was US$27.4 million \u2013 twice the cost reported by firms in all the other countries covered in the survey.\nJapan came next, at US$13.6 million, followed by Germany, at US$13.1 million. The UK (US$11.5 million) was in third place. The lowest total average costs per company were in Brazil and Australia, at US$7.2 million and US$6.8 million, respectively.\nAttacks gaining further sophistication\nThe theft of data is the costliest and rapidly increasing result of cybercrime. But data isn\u2019t the only thing in the bad guys\u2019 crosshairs. According to the report, mission-critical operational systems such as industrial controls are other targets, for the sole purpose of throwing a wrench into \u2013 or even destroying \u2013 a company\u2019s business. For instance, distributed denial of service (DDoS) attacks can knock off online services for hours and cause major damages when brining an organization\u2019s business operations to a standstill.\nWhile data is a top target, the bad guys don\u2019t always want to steal it. There\u2019s a new trend among cybercriminals to not simply copy data, but to monkey around with it so that it is either ruined or can no longer be trusted. Compromising the integrity of data seems to be the cybercrime du jour \u2013 if not now, then in coming months and years.\u00a0\nOn top of that, cybercriminals are evolving their techniques. More than ever, they are taking aim at the weakest link in any corporate IT security system: humans. The fact is, if you want to do harm to a giant computer system, ransomware, phishing and social engineering may be your best bet. When someone\u2019s guard is down, it\u2019s easy to click on fake links and email attachments.\u00a0\nBy now, these are old tricks. What\u2019s new is the growing propensity of certain countries and their paid hackers to use these techniques to take down giant commercial companies. Some jurisdictions are starting to classify such attacks as "acts of war" in an attempt to thwart or limit\u00a0cyber-security\u00a0insurance settlements.\n3 steps to resilience\nAs cybercrime becomes more widespread and sophisticated, organizations and companies are looking at a diverse threat landscape that includes ill-intentioned nation-states, back-door supply chain attacks, and threats to their data. Meanwhile, these firms are implementing newfangled, game-changing technologies before they know exactly how to secure them. For instance, automation, advanced analytics, orchestration and machine-learning technologies (to name a few) were put in place by only 28 percent of organizations \u2014 the lowest of the technologies surveyed. But they produced the second-highest cost savings for security technologies overall, at US$2.9 million.\n\u201cFrom people to data to technologies, every aspect of a business invites risk and too often security teams are not closely involved with securing new innovations,\u201d said Kelly Bissell, Senior Managing Director of Accenture Security.\n\u201cThis siloed approach is bad for business and can result in poor accountability across the organization, as well as a sense that security isn\u2019t everyone\u2019s responsibility.\u201d\nThe Accenture\/Ponemon study noted that better cyber-security measures can allow CIOs and other IT leaders to reduce cybercrime costs and cash in on new revenue opportunities. To this end, it presented three steps that enterprises can take to improve security and cut losses.\nSince the report said that countering internal threats \u2013 such as phishing, ransomware attacks and malicious insiders \u2013 is still one of the biggest challenges, step one is to make it a priority to protect against people-centered attacks.\nAnother step is to budget for, and spend on, tools to put the brakes on information losses, business disruptions and system outages, which are the costliest results of cyber-attacks. This concern is highlighted by the rollouts of new privacy regulations such as the European Union's\u00a0General Data Protection Regulation\u00a0(GDPR) and California Consumer Privacy Act of 2018 (CCPA).\nAs well, organizations should do their best to take advantage of tools that can keep IT security costs down through automation and security intelligence, which are efficient ways to protect against attacks.