Businesses of all sizes are feeling a growing lack of confidence about their ability to prevent attacks on their networks, as the frequency and cost of security breaches continues to rise, according to a study published on Wednesday by the Ponemon Institute.
The study, sponsored by Juniper Networks, found that 90 percent of businesses had been hit by at least one IT security breach in the past 12 months, with more than half, or 59 percent, citing two or more breaches in that period.
“The threat from cyber attacks today is nearing statistical certainty and businesses of every type and size are vulnerable to attacks,” the Ponemon Institute said in a statement.
The survey comes on the heels of a string of high-profile cyber-attacks that has targeted organisations including security vendor RSA, Lockheed Martin, the International Monetary Fund, the FBI and the CIA.
The explosion of mobile devices has contributed significantly to businesses’ sense of insecurity, with laptops and other mobile kit seen as the most likely points from which attacks are launched against a company, the study found.
Employee laptop computers were the source of 34 percent of breaches, while employee mobile devices were the source of 29 percent of breaches, Ponemon found.
Forty-eight percent of breaches were caused by a malicious software download, 43 percent from malware encountered on a website and 29 percent from malware encountered via social media. System glitches caused 19 percent of breaches, and malware from text messages caused 3 percent.
However, most organisations didn’t know the source of all of their security breaches, with only 11 percent saying they knew where all of their security incidents had originated.
The companies surveyed said overall the security breaches had cost them at least half a million dollars to address, when costs such as cash outlays, business disruption, revenue losses, internal labour and overhead were taken into account.
The most serious consequence of a breach, according to 59 percent of respondents, was the theft of information assets, followed by business disruption.
Forty-three percent of the companies in the study said there had been a significant rise in the frequency of cyber-attacks during the past 12 months and 77 percent said the attacks had become more severe or difficult to contain, Ponemon said.
As a result more than one-third of the respondents said they had “low confidence” in their ability to prevent a network security breach, the study found.
The 583 US-based participants in the study ranged from smaller organisations with less than 500 employees to enterprises with more than 75,000 staff. The study was based on an online survey conducted over a five-day period in June.
The survey shows that current IT security systems are not keeping up with the challenges facing them, despite many organisations – 28 percent – earmarking more than 10 percent of their budgets to security, according to Ponemon.
“This study suggests conventional network security methods need to improve in order to curtail internal and external threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.
As a result of the rising certainty of security breaches, some industry observers have suggested organisations should turn their attention to preparing for the detection and response to an incident, rather than to preventing attacks.
The Ponemon survey found that 16 percent of organisations had the quick detection and response to security incidents as their primary security focus, while 32 percent continued to primarily focuson preventing attacks. About 25 percent said they were focused on aligning security controls with industry best practices.
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
View Comments
Great article Matthew! These stats in your article are very valuable for IT security practices. It is a certainty that European companies will begin to feel the threat of security breaches unless steps are taken to ensure corporate networks have the type of Data Leakage Protection that can safeguard the network layer. With the proliferation of mobile devices being utilized by company employees, cyber terrorists have a vast network to choose from when searching for vulnerabilities. Our company, Wedge Networks has been perfecting a platform solution for years to anwser these challenges, and we are leading efforts to prevent the good things from flowing out and the bad things from flowing in through Deep Content Inspection that detects the intent of data in the network.