Globally, nearly 120,000 security incidents occur each day. However, information security budgets have shrunk for the fifth straight year—and most enterprises lack a cross-organizational team to deal with security issues.
By Samuel Greengard
If it seems as though the murky netherworld of cyberspying, hacking, DDoS attacks and stealing data seems to be getting worse, you're right. According to a new PwC report, The Global State of Information Security Survey 2015, reported security incidents rose 48 percent this year to 42.8 million. If you do the math, that comes to 117,339 attacks per day! The compound growth rate of detected security incidents has increased an average of 66 percent annually since 2009.
Of course, these are only reported incidents. It's not exactly a secret that many organizations either a) don't have a clue that a data breach has occurred, or b) prefer to hide these events for fear of bad publicity. No matter, the report delivers a heaping dose of reality. Organizations—particularly their CIOs and CSOs—must become far more vigilant and agile in a rapidly changing cybersecurity landscape.
Globally, the estimated reported average financial loss from cybersecurity incidents stands at $2.7 million—a 34 percent increase over 2013, according to PwC. What's more, big losses have become more common. Organizations reporting financial hits in excess of $20 million rose 92 percent in 2014. At the same time, attacks from nation states and organized crime are on the rise. The survey identified a 64 percent increase in security incidents attributed to competitors, some of whom may be backed by nation states.
Security Budgets Keep Shrinking
Unfortunately, global information security budgets actually shrunk by four percent last year, which is a continuation of a five-year downward trend. Another alarming fact is that much of the risk associated with cybercrime centers on mobile devices and targeted phishing schemes. Both of these areas represent growing risks. For example, PwC reports that incidents caused by current employees increased 10 percent over the last year, while those attributed to current and former service providers, consultants and contractors rose 15 percent and 17 percent, respectively.
Don't expect this situation to get better anytime soon. Tight purse strings and chronic corporate myopia don't point toward any tangible improvement. Too often, the PwC report points out, organizations attempt to deal with the consequences of insider cybercrime internally rather than involving law enforcement agencies or pressing charges on the culprit. This leaves other organizations vulnerable if they hire these employees in the future.
Equally disturbing is the fact that only 49 percent of respondents said their enterprise has a cross-organizational team that regularly convenes to discuss, coordinate and communicate information security issues.
About the Author
Samuel Greengard is a contributing writer for CIO Insight. To read his previous CIO Insight blog post, "Big Data = Big Challenges," click here.