Enterprise organizations that have been impacted by cyber breaches report that monetary losses from cybersecurity events have increased year over year, according to the 2017 U.S. State of Cybercrime survey.
Looking at the financial ramifications of cyber attacks, the survey notes that there are many metrics to measure the impact of an attack, both hard costs and time as well as reputation. One thing that cannot be disputed is the financial costs of a cyberbreach. The survey found that 21 percent of enterprises report that monetary losses from cybersecurity events have increased year over year. In fact, enterprise organizations estimate financial losses at an average of $884,000, compared to estimates of $471,000 from the previous year.
The survey aims to provide a look into the state of U.S. cybersecurity, revealing how security and business leaders are defending their organizations, the top threats they are facing as well as ramifications when an attack occurs. The survey is a collaborative effort between CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service and Forecepoint. The survey was published by IDG Communications.
The survey found that the prominence of security continues to be elevated within organizations. Thirty-five percent of top security executives report to the CEO, and 50 percent have security leadership brief the board of directors at least quarterly.
Almost half of organizations (48 percent) have seen budget increases for security, resulting in an average IT security budget of $11 million, and an additional $9 million dedicated to physical security.
Organizations are using these growing budgets to put tools and processes in place to keep data and assets secure, and to address anomalies. To catch insiders who may have malicious intent, 58% of organizations monitor user behavior.
To address concerns about trusted partners steps are being taken outside of organization walls, as 47 percent are evaluating their supply chain vendors and partners to ensure approved security practices are in place before signing a contract. To ensure security practices are maintained, 58 percent of enterprise organizations (1,000+ employees) require business partners to sign service-level agreements to specify cybersecurity standards.
However, despite increased budgets and C-level support, security leaders’ concerns over cyber threats is growing Three quarters of security leaders are more concerned about cybersecurity threats now than there were in 2016, according to the survey.
Looking at the who and how behind cyber incidents, the majority of organizations that have identified a breach (79 percent), claim that the event was committed by an outsider. In addition, 31 percent of organizations responding to the survey had at least one insider incident in 2016, however, 76 percent of those incidents were handled internally, without involving legal action or law enforcement, according to the survey.
The survey report authors note that as organizations prepare for various attacks and breaches, hackers continue to be savvier in their approaches. Resilient organizations must have all employees embrace security practices, from awareness training to behavior monitoring to gap protections.
