Study: External cyberattacks cost enterprises $3.5M per year

July 18, 2016 at 06:13 AM
Share & Print

Despite potentially huge business risks posed by external internet threats, IT security leaders say they lack the staff expertise and technology to adequately guard against cyberattacks, according to a new survey.

The Ponemon Institute, a provider of independent research on privacy, data protection and information security policy, discloses this finding in a report sponsored by BrandProtect. The study, "Security Beyond the Traditional Perimeter," examines the threats, costs and responses of companies to external internet cyberattacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company's traditional security perimeter.

The survey reveals that nearly 8 in 10 (79 percent) of information technology security practitioners say their defensive infrastructure to identify and mitigate cyber threats are non-existent, ad hoc or inconsistently applied throughout the enterprise. The companies represented in the research, among them insurers, averaged more than one cyberattack per month and incurred annual costs of about $3.5 million because of these attacks. The security professionals polled cite an acute need for expertise, technology, and external services to address growing concerns about external threats.

Among the report's key findings:

  • 59 percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.

  • External internet attacks are frequent and the financial costs of these attacks are significant. Respondents say they experience an average of 32 material cyberattacks, or slightly more than one per month, costing their companies an average $3.5 million annually.

  • Seventy-nine percent of respondents describe their security processes for internet and social media monitoring as non-existent (38 percent), ad hoc (23 percent) or inconsistently applied throughout the enterprise (18 percent).

  • 64 percent of security leaders (directors or higher) believe that they lack the tools and resources they need to monitor, 62 percent lack the tools and resources they need to analyze and understand, and 68 percent lack the tools and resources they need to mitigate external threats.

"The majority of security leaders understand that these external internet threats imperil business continuity," says Ponemon Research Institute President Larry Ponemon. "The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises."

Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include:

  • mobile app monitoring (cited by 62 percent of respondents)

  • social engineering and organizational reconnaissance (61 percent)

  • branded exploits (59 percent)

  • spear-phishing infrastructure (58 percent); executive and high value threats (54 percent of respondents.)

Related:

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center