Cyber Monday Attacks Cost Organizations up to $3.4 Million per Hour in Losses, RSA Finds

New Study Shows That While a Majority of Merchants Experience a Spike in Holiday-Timed Attacks; Most Admit to Not Being Able to Detect Them


  • According to a new study by RSA and the Ponemon Institute, Cyber Monday represents an average 55 percent surge in daily online/mobile retail revenues.
  • A corresponding surge in attacks drives hard losses, on average, as much as $500,000 per hour or $8,000 per minute. Customer churn from reputation and brand damage can drive losses to as much as $3.4 million from a single hour of disruption.
  • While 64 percent of organizations see significant increases in attack activity, only 23 percent of attacks can be detected quickly and remediated, and nearly 70 percent of organizations do not take additional precautions in anticipation of increased attacks.

BEDFORD, MASS, OCTOBER 28, 2013 - RSA, The Security Division of EMC (NYSE: EMC), today announced the results of a study conducted by the Ponemon Institute looking at the cost of fraud and online disruption coincident with Cyber Monday. The study surveyed 1,100 IT staff inside of retail organizations in the U.S. and UK.

As the holiday season approaches, retail organizations look forward to, and prepare for what should be a daily revenue surge that respondents in the study calculate as an average of 55 percent. Respondents also expressed concern that a corresponding surge in attacks in these timeframes puts those business gains at risk, with losses on average of as much as $500,000 per hour, or $8,000 per minute. The issue becomes more troubling as 66 percent expect that disruption would result in customer churn that would damage reputation and brand and could push losses as high as $3.4 million from a single hour of disruption.

It would seem that the evidence of what is at risk and the inevitability of the threat could not be more urgent, but organizational preparedness and action is lacking. While 64 percent of organizations see significant increases in attack activity, more than 70 percent of organizations do not take additional precautions in anticipation of increased attacks. Additionally, with current capabilities, 51 percent say that they do not have real-time visibility into web traffic making it difficult to identify the root cause of such attacks – leaving only 23 percent feeling that most attacks can be quickly detected and remediated. The report also identifies the top nine scenarios organizations will likely face approaching Cyber Monday with the vast majority categorizing these as difficult or very difficult to detect. In order of likelihood, the attack scenarios are:

  • Botnet and Distributed Denial of Service (DDoS)
  • App Store Fraud
  • Mobile Access/Account Compromise
  • Click Fraud
  • Stolen Credit Card Validation
  • eCoupon Abuse
  • Account Hijacking
  • Electronic Wallet Abuse
  • Brand Promotion Hijacking


Demetrios Lazarikos, IT Threat Strategist, RSA, The Security Division of EMC

“The competitive climate and the unpredictability of the economy does not leave organizations much margin for business error. Unfortunately, the stealth and savvy cybercriminals have advanced to a point where traditional security and fraud defenses on which businesses rely on are at best insufficient and at worst….obsolete. Business logic abuse hides in plain sight because it uses ‘legitimate’ processes for illegitimate gain. The problem requires universal visibility, a risk layered approach, and a new way of understanding the adversary. Isolating the outliers in crowd behavior that indicate attacks is critical for identifying malicious behavior and business logic abuse.”


Larry Ponemon, Ph.D., Chairman and Founder, The Ponemon Institute, CIPP

“While the findings here are admittedly shocking, they underscore an age-old issue in that budgets and business dynamics perpetuate vulnerability and keep organizations behind the eight ball. However, all is not lost. Forward-thinking organizations that have the agility to break from the status quo and embrace innovation can not only better protect their business, but also gain a massive advantage. Reducing losses from fraud and increasing trust in the brand can propel a business ahead of its competitors.”



RSA, The Security Division of EMC, is the premier provider of intelligence-driven security solutions. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges: managing organizational risk, safeguarding mobile access and collaboration, preventing online fraud, and defending against advanced threats.

Combining agile controls for identity assurance, fraud detection, and data protection, robust Security Analytics and industry-leading GRC capabilities, and expert consulting and advisory services, RSA brings visibility and trust to millions of user identities, the data they create, the transactions they perform, and the IT infrastructure they rely on. For more information, please visit

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.