The Ponemon Institute study “Perceptions About Network Security” reports a significant increase in cyber attacks, both in terms of frequency and severity.
Ponemon surveyed 583 IT and IT security practitioners in the United States. More than half of those surveyed are employed by organizations with 5,000+ employees. Seventy-eight percent of the respondents reported that their company had experienced a significant increase in the frequency of attacks during the last twelve months. Thirty-three percent reported “some” increase. More than half of the respondents experienced two or more breaches in the last year.
It is clear from the report that these breaches are costly. Ponemon inquired into the financial impact of the breaches (i.e., cash outlays, internal labor, overhead, business disruption, revenue losses and other expenses). Forty-one percent reported that cyber attacks cost their companies $500,000 or more. A surprising 16% could not determine the cost of the attacks.
Most of the breaches reported occurred at off-site locations — 28% occurred remotely while 27% occurred at a third party or business partner site. And, although 55% of the attacks came from external sources, 49% were internal.
The survey also suggests that mobile devices continue to be a weak link for data security. Thirty-four percent of the attacks came from employee laptops and 29% from employee mobile devices. Despite the threat posed by such devices, 60% of those surveyed reported that their companies allow employees to access their network or enterprise systems.
Despite the increase in cyber attacks, the costs associated with the attacks and the widespread use of mobile devices, only 56% of those surveyed reported that their companies had written corporate security policies.
Although a recent Towers Watson study indicated that companies are still reluctant to but cyber insurance, the results of the Ponemon survey highlight the growing need for such coverage.