Study: Cyber Attacks Decrease in Number, Increase in Damage

Cybercrimes and other digital threats are increasingly on the radars of organizations of all kinds worldwide. In response to growing hacking concerns, the U.S. Secret Service, the online publication CSO, and Carnegie Mellon University’s Software Engineering Institute collaborated on the 2017 U.S. State of Cybercrime study. The study collected data from 510 respondents, 70% of whom were at the vice president level of their company or higher.

Read on for the highlights of this study and for how its findings can guide changes that boost cybersecurity at your company.

Organizational Responses

IT security has now won the attention of C-level executives. The average increase in IT budgeting was 7.5%, and 1 out of 10 respondents reported a 20% budget increase. The average IT security budget of the organizations surveyed was $11 million, with the bulk of that spending going toward new technologies. Other significant expenditures include audits, redesigning cybersecurity strategies, and knowledge sharing.

Though 20% of chief (information) security officers now report to a company’s board of directors on a monthly basis, the vast majority of these boards still interpret security as an issue of IT rather than corporate governance. Work remains in translating the seriousness of these concerns to management, especially when more than a third of respondents claimed they did not have a response plan in place in the event of a cyber breach.

The Rising Threats

The relationship between the quantity and quality of cyber attacks (from the attacker’s perspective, that is) has been intriguing. On average, security events dropped by 8.2% last year, even though the number of businesses that were event-free dropped from 36% to 30%. More than two-thirds of surveyed organizations stated their losses were the same as or greater than those of the previous year. Taken together, these points suggest that cyber attacks are becoming more effective, even as security measures are increasing.

Increases in phishing attacks, ransomware attacks, financial fraud, confidential and proprietary information losses, network downtime, application alterations, card-not-present fraud, and disruptions to critical systems were all reported. Perhaps one of the largest spikes in cybercrime comes from compromised business emails. This was not even reported in 2015, but clocked in at 1 in 11 organizations this past year.

Of all security events, 44% were targeted attacks aimed specifically at a company or its employees, continuing a three-year trend.

The Aftermath

The net results were that:

  • 15% of businesses had to notify individuals of a breach
  • 8% had to notify business partners
  • 8% had to notify regulators
  • 7% had to notify law enforcement and government entities

Furthermore, 1 in 10 organizations suffered financial losses due to cyber threats, and 1 in 16 reported that their reputation had been damaged because of hacking. It is also worth noting that 36 out of the 510 organizations admitted to not pursuing legal action over cyber crimes due to concerns over negative publicity.

The Takeaways

Of the respondents, 74% described a greater anxiety over security concerns than in the previous year. This means steps must be taken to incorporate a fuller protocol to protect organizations from the new vulnerabilities that emerge every week. As cloud computing, advanced ERP systems, and the Internet of Things become commonplace across many industries, ongoing security awareness must increase. The average breach took three months to detect, so smart companies will invest in education, testing, full-scale analysis, and communication.

All employees need to receive regular training to decrease incidents resulting from neglect or accidents, such as phishing scams. Similarly, security program testing must become regular instead of being relegated to a once-a-year afterthought.

Contact Sentek Global now and speak to our expert team about better protecting your company against today’s biggest cybersecurity threats. We can carry out tests to find your greatest weaknesses and help you implement solutions to fix them.