A new cybersecurity survey from PwC and CSO magazine makes for some chilling reading for U.S. businesses. According to the 2014 U.S. State of Cybercrime Survey, the rate of cyber attacks is increasing and the majority of U.S. organizations are falling short when it comes to addressing them. In fact, 62 percent of organizations do not have the structure in place to prioritize security investments based on impact and risk.
The survey, through which CSO queried more than 500 U.S. executives, security experts and others from both the public and private sectors, was conducted by CSO magazine in collaboration with PwC, the U.S. Secret Service and the CERT Division of the Software Engineering Institute at Carnegie Mellon University.
Other key findings:
- Organizations detected an average of 135 security incidents over the past year.
- More than three quarters (77 percent) of respondents reported a security event in the past year.
- More than two-thirds (67 percent) of respondents who detected a security incident were unable to gauge its financial impact. For those who could, the average annual monetary loss was projected at $415,000 per organization.
- 59 percent reported they were more concerned about cybersecurity threats this year than last year.
- 34 percent said they had seen an increase in the number of security incidents in their organizations.
- Enterprise mobility is a massive hole. Only 31 percent of respondents have a mobile security strategy, while only 38 percent bother to encrypt devices. Only 36 percent employ an MDM solution.
- Less than half of respondents have an effective risk management program. Only 47 percent perform periodic risk assessments and only 24 percent have an objective third party assess their security program.
"Cyber criminals evolve their tactics very rapidly, and the repercussions of cybercrime are overwhelming for any single organization to combat alone. It's imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them. A united response will prove to be an indispensable tool in advancing the state of cybersecurity," said David Burg, PwC's global and U.S. advisory cybersecurity leader, in a prepared statement.
PwC also offered the following eight recommendations for combating cybercrime:
- Assess risks associated with supply chain partners
- Develop threat-specific policies
- Enhance training and create workforce messaging to boost cybersecurity awareness across the organization
- Ensure that mobile security practices keep pace with adoption and use of mobile devices
- Hold third parties to the same or higher cybersecurity standards
- Invest in people, processes and technologies
- Perform cyber risk assessments regularly
- Take advantage of information sharing internally and externally to learn about new cyber risks
“Despite substantial investments in cybersecurity technologies, cyber criminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetize,” said Ed Lowery, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service in a statement. “The increasing sophistication of cyber criminals and their ability to circumvent security technologies indicates the need for a radically different approach to cybersecurity: A balanced approach that, in addition to using effective cybersecurity technologies, develops the people, processes, and effective partnerships in order to strategically counter cybersecurity threats.”
The full survey is available for download here.