CSOs Uphill Battle Against Cybercrime Continues
Concern about cybersecurity is only growing
of organizations have experienced a cybersecurity event in the
past 12 months.
79%
Estimated financial loss from cybersecurity events forenterprise
organizations (1,000+ employees) was an average of
$471,000of enterprise organizations say they could not estimate
the financial impact after detecting a security incident.
69%
76%59%
were more concerned about cybersecurity
threats in 2014.
are more concerned about cybersecurity
threats today.
Firewalls SPAM Filtering Network-based Anti-virus
Electronic Access Control System
Complex Passwords
*****
say from the time an intrusion began to the time it was
discovered, was less than 1 day.
Just 23%
discovered it in less than 1 week. 49%
either still do not have securitypolicies and procedures in
place or don't know or don't if they do.
1in10
Some CSOs Starting to Find Ally with Government
received a cyber-threat briefing or visit from agovernment
agency/law enforcement in the past12 months.
26%of those participating in the briefings from government
agencies say it improved ability to defend themselves from
cybercrimes.
71%}25%
25%
Participate in Information Sharing and Analysis Center
activities
Dont know
50%Participate in programs designed to share security
information.
CYBERCRIMERemains a Clear and Present
DANGER
Most Eective Technologies in Detecting/Countering Security
Events:
*****
Security Incident Frequency Continues to Intensify
On average, there were
security incidents per organization in the last 12 months; an
increase from 135 on average last year.
163Enterprises fared worse, averaging
incidents in the last 12 months. Almost 1 event each day!
305
identified third-party vendors as the biggest risk to their
supply chain/business ecosystem.62%(45%) of enterprises saw an
increase in
cybersecurity events from this year to last.
Nearly Half
of all organizations saw an increase in cybersecurity events
within the organization in the last12 months.
26%
Who are Biggest Culprits? Insiders or Outsiders?Top 3 known
cybersecurity attacks of last 12 months:
Virus, worms, or othermalicious code introduced
to organization
Phishing attacks Spyware implanted
of cybersecurity events are from outsiders
77%On average,
33%
30% 37%
Cybercrimes more costly/damaging when caused by:
Dont know/Not sure
InsiderOutsiders
Top mechanisms used by INSIDERS in committing cybercrimes last
12 months:
Social engineering
Compromised an account
Download information to home computer
Laptops
of the time, unintentionally exposed private information comes
from insiders.
52%unintentionally coming from outsiders.
Only 15%
Source: 2015 U.S. State of Cybercrime Survey from CSO, PwC, U.S.
Secret Service, and CERT Division of Software Engineering Institute
at Carnegie Mellon University
More than 500 U.S. executives, security expertsresponded to the
2015 U.S. State of Cybercrime Survey.
} of phishing attacks originate from outsiders.
55%believe they have the expertise to address additional cyber
risks as a result of new technologies primarily from the SMAC stack
(Social, Mobile, Analytics, Cloud)
78%
To learn more about cybercrime and the results of this study,
please contact Sue Yanovitch, VP Marketing, IDG Enterprise at:
[email protected]
To learn more about CSO and sponsorship opportunities please
visit www.IDGEnterprise.com